System and method for scanning obfuscated files for pestware

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate

Details

C726S023000, C726S022000, C726S024000

active

07349931

ABSTRACT:
Systems and methods for managing multiple related pestware processes on a protected computer are described. In one implementation, a plurality of files in a file storage device of a protected computer are scanned and obfuscated files are identified from among the plurality of files. To determine whether an obfuscated file is a pestware file, one or more potential pestware processes are identified as being associated with the obfuscated file, and the one or more associated processes are scanned so as to determine whether the processes, and hence the obfuscated file, are pestware. In variations, the obfuscated file is analyzed to identify the start address of the associated one or more processes, and the start address is utilized as a reference point from which information located at one or more offsets from the start address is analyzed so as to determine whether the one or more processes are known pestware.
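The following Python example is added here to work through the procedure the abstract describes; it is not code from the patent or from this listing. It assumes a byte-entropy heuristic as the "identify obfuscated files" step (the abstract does not say how obfuscation is detected), and it uses a constructed file set, a constructed process table (image path, start address, memory snapshot) and a constructed signature. The point it demonstrates is the one the abstract makes: when the file on disk is packed noise, the signature is checked in the memory of the associated process at fixed offsets from that process's start address, where the unpacked code is visible.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class Process:
    """Constructed model of a running process: image path, start address, memory snapshot."""
    pid: int
    image_path: str
    start_address: int  # start address of the process (the reference point in the abstract)
    base: int           # address at which `memory` begins
    memory: bytes       # constructed snapshot of the process's mapped memory

    def read(self, address: int, length: int) -> bytes:
        """Return `length` bytes at `address`, or b'' if the range is outside the snapshot."""
        off = address - self.base
        if off < 0 or off + length > len(self.memory):
            return b""
        return self.memory[off:off + length]


@dataclass
class Signature:
    """Known-pestware pattern: bytes expected at fixed offsets from the start address."""
    name: str
    checks: list  # list of (offset_from_start_address, expected_bytes)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


ENTROPY_THRESHOLD = 7.0  # assumption: packed or encrypted payloads approach 8 bits per byte


def is_obfuscated(data: bytes) -> bool:
    """Heuristic stand-in for the abstract's 'identify obfuscated files' step (assumption)."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def processes_for_file(path: str, processes: list) -> list:
    """Associate an on-disk file with the processes whose image it is."""
    return [p for p in processes if p.image_path.lower() == path.lower()]


def matches_signature(proc: Process, sig: Signature) -> bool:
    """Compare memory at start_address + offset against each expected byte string."""
    return all(
        proc.read(proc.start_address + off, len(expected)) == expected
        for off, expected in sig.checks
    )


def classify_file(path: str, data: bytes, processes: list, signatures: list) -> str:
    if not is_obfuscated(data):
        return "not-obfuscated"          # ordinary file scanning applies; out of scope here
    procs = processes_for_file(path, processes)
    if not procs:
        return "obfuscated-no-process"   # nothing running to inspect; the file stays suspect
    for proc in procs:
        for sig in signatures:
            if matches_signature(proc, sig):
                return f"pestware:{sig.name}"
    return "obfuscated-unknown"


def scan_files(files: dict, processes: list, signatures: list) -> dict:
    return {path: classify_file(path, data, processes, signatures) for path, data in files.items()}


# ---- Constructed sample data (not from the patent) ----
NOTES_EXE = r"C:\Program Files\Notes\notes.exe"
UPDATER_EXE = r"C:\Users\Alice\AppData\Local\Temp\updater.exe"
HELPER_EXE = r"C:\Users\Alice\AppData\Local\Temp\helper.exe"

_rng = random.Random(1)  # seeded so the high-entropy "packed" bodies are reproducible
FILES = {
    NOTES_EXE: b"MZ" + b"\x00" * 300 + b"This program cannot be run in DOS mode." * 20,
    UPDATER_EXE: b"MZ" + bytes(_rng.getrandbits(8) for _ in range(4096)),
    HELPER_EXE: b"MZ" + bytes(_rng.getrandbits(8) for _ in range(4096)),
}

# Constructed signature: a prologue at the start address and a marker 0x20 bytes past it.
SIGNATURES = [Signature("SAMPLE-PESTWARE-A", [(0x00, b"\x55\x8b\xec"), (0x20, b"SAMPLE-A-MARKER")])]

# updater.exe's in-memory image after it unpacks itself: the marker is visible in memory
# even though the file on disk is high-entropy noise.
_unpacked = bytearray(0x2000)
_unpacked[0x1000:0x1003] = b"\x55\x8b\xec"
_unpacked[0x1020:0x1020 + len(b"SAMPLE-A-MARKER")] = b"SAMPLE-A-MARKER"
PROCESSES = [
    Process(1204, NOTES_EXE, start_address=0x401000, base=0x401000, memory=b"\x55\x8b\xec" + b"\x90" * 0x40),
    Process(3320, UPDATER_EXE, start_address=0xA01000, base=0xA00000, memory=bytes(_unpacked)),
]

if __name__ == "__main__":
    for path, verdict in scan_files(FILES, PROCESSES, SIGNATURES).items():
        print(f"{verdict:24} {path}")
```

Two verdicts are worth distinguishing in practice: an obfuscated file with no running process cannot be cleared by this method at all, and an obfuscated file whose process matches no signature is still only "unknown", not clean. Both should stay flagged for a different scanner rather than be treated as benign.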

REFERENCES:
patent: 5442669 (1995-08-01), Medin
patent: 5485575 (1996-01-01), Chess et al.
patent: 5696822 (1997-12-01), Nachenberg
patent: 5826013 (1998-10-01), Nachenberg
patent: 6192512 (2001-02-01), Chess
patent: 6253258 (2001-06-01), Cohen
patent: 6357008 (2002-03-01), Nachenberg
patent: 6457174 (2002-09-01), Kuroda et al.
patent: 6681972 (2004-01-01), Tapocik
patent: 6735703 (2004-05-01), Kilpatrick et al.
patent: 6775780 (2004-08-01), Muttik
patent: 6851057 (2005-02-01), Nachenberg
patent: 6931540 (2005-08-01), Edwards et al.
patent: 6971019 (2005-11-01), Nachenberg
patent: 6973577 (2005-12-01), Kouznetsov
patent: 6973578 (2005-12-01), McIchionc
patent: 7150045 (2006-12-01), Koelle et al.
patent: 7155742 (2006-12-01), Szor
patent: 7171690 (2007-01-01), Kouznetsov et al.
patent: 7178166 (2007-02-01), Taylor et al.
patent: 7216367 (2007-05-01), Szor
patent: 2002/0120871 (2002-08-01), Watkins et al.
patent: 2003/0023865 (2003-01-01), Cowie et al.
patent: 2003/0046558 (2003-03-01), Teblyashkin et al.
patent: 2003/0074573 (2003-04-01), Hursey et al.
patent: 2003/0110391 (2003-06-01), Wolff et al.
patent: 2003/0115479 (2003-06-01), Edwards et al.
patent: 2003/0120952 (2003-06-01), Tarbotton et al.
patent: 2003/0212902 (2003-11-01), Made
patent: 2003/0217286 (2003-11-01), Carmona et al.
patent: 2003/0233566 (2003-12-01), Kouznetsov et al.
patent: 2004/0015712 (2004-01-01), Szor
patent: 2004/0030912 (2004-02-01), Merkle
patent: 2004/0068664 (2004-04-01), Nachenberg et al.
patent: 2004/0199827 (2004-10-01), Muttik et al.
patent: 2004/0243829 (2004-12-01), Jordan
patent: 2004/0255165 (2004-12-01), Szor
patent: 2005/0021994 (2005-01-01), Barton et al.
patent: 2005/0039029 (2005-02-01), Shipp
patent: 2005/0055558 (2005-03-01), Carmona
patent: 2005/0071649 (2005-03-01), Shipp
patent: 2005/0154900 (2005-07-01), Muttik
patent: 2005/0172337 (2005-08-01), Bodorin et al.
patent: 2005/0172338 (2005-08-01), Sandu et al.
patent: 2005/0188272 (2005-08-01), Bodorin et al.
patent: 2005/0223238 (2005-10-01), Schmid et al.
patent: 2005/0262567 (2005-11-01), Carmona
patent: 2005/0268112 (2005-12-01), Wang et al.
patent: 2005/0268338 (2005-12-01), Made
patent: 2005/0278783 (2005-12-01), Chien et al.
patent: 2005/0278785 (2005-12-01), Lieberman
patent: 2005/0283838 (2005-12-01), Saito
patent: 2006/0112235 (2006-05-01), Cabot et al.
patent: 2006/0123244 (2006-06-01), Gheorghescu et al.
patent: 2006/0200863 (2006-09-01), Ray et al.
Rabek et al., Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code, 2003, ACM, pp. 76-82.
Carey Nachenberg, Computer Virus-Coevolution, Jan. 1997, ACM, pp. 46-51.
Linn et al., Obfuscation of Executable Code to Improve Resistance to Static Disassembly, 2003, ACM, pp. 290-299.
DIMVA 2005 (2005 : Vienna, Austria), Detection of intrusions and malware, and vulnerability assessment : second international conference, DIMVA 2005, Vienna, Austria, Jul. 7-8, 2005 : proceedings / Klaus Julisch, Christopher Kruegel (eds.). Berlin ; New York : Springer, 2005. x, 240 p. ill. ; 24 cm. pp. 1-18, 174-187.
Tittel, Ed., PC magazine fighting spyware, viruses, and malware / Ed Tittel. Indianapolis, IN : Wiley Pub., c2005. xv, 367 p. ill. ; 24 cm. pp. 328-330, 334-335.
Skoudis, Ed., Malware : fighting malicious code / Ed Skoudis with Lenny Zeltser. NJ : Prentice Hall Professional Technical Reference, c2004. xxii, 647 p. ill. ; 24 cm. pp. 590-601, 615-618.
Milenković et al., “Using instruction block signatures to counter code injection attacks” (article), ACM SIGARCH Computer Architecture News, vol. 33, Issue 1 (Mar. 2005), Special Issue: Workshop on Architectural Support for Security and Anti-Virus (WASSA), pp. 108-117. Year of Publication: 2005. ISSN: 0163-5964. ACM Press, New York, NY.
Rabek et al., “Detection of injected, dynamically generated, and obfuscated malicious code”, Proceedings of the 2003 ACM Workshop on Rapid Malcode, Washington, DC, USA, Session: Defensive technology, pp. 76-82. Year of Publication: 2003. ISBN: 1-58113-785-0. Sponsors: SIGSAC (ACM Special Interest Group on Security, Audit, and Control), ACM (Association for Computing Machinery). ACM Press, New York, NY.
Whittaker et al., “Neutralizing windows-based malicious mobile code”, Proceedings of the 2002 ACM Symposium on Applied Computing, Madrid, Spain, Session: Computer security, pp. 242-246. Year of Publication: 2002. ISBN: 1-58113-445-2. Sponsor: SIGAPP (ACM Special Interest Group on Applied Computing). ACM Press, New York, NY.
Singh et al., “Analysis and detection of computer viruses and worms: an annotated bibliography”, ACM SIGPLAN Notices archive, vol. 37, Issue 2 (Feb. 2002) COLUMN: Technical correspondence, pp. 29-35, ISSN:0362-1340, ACM Press New York, NY, USA.
Nachenberg, “Computer virus-antivirus coevolution”, Communications of the ACM archive. vol. 40, Issue 1 (Jan. 1997), pp. 46-51, ISSN:0001-0782 Symantec Antivirus Research Center, Symantec Corp., Santa Monica, Calif. ACM Press New York, NY.
Erbschloe, Trojans, Worms, and Spyware: A Computer Security Professional's Guide to Malicious Code, MA: Elsevier Butterworth-Heinemann, 2005. pp. 185-189.
Harley, et al., Viruses Revealed, CA: Osborne/McGraw-Hill Publishers, 2001. pp. 219-225, 228-229.
List of Several Anti-Spyware Vendors/Producers appearing prominently on the Internet (current date), unknown.
International Search Report, PCT/US 06/14004, Jan. 22, 2007.
International Search Report; PCT/US2006/014003.
Office Action mailed on Apr. 6, 2007 from USPTO for U.S. Appl. No. 11/105,977.
Office Action mailed on Sep. 20, 2007 from USPTO for U.S. Appl. No. 11/106,122.
International Search Report and Written Opinion, PCT/US06/14405, Nov. 29, 2007.
Office Action Dated Dec. 28, 2007 for U.S. Appl. No. 11/105,977.
