Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2003-08-12
2009-06-23
Zand, Kambiz (Department: 2434)
Information security
Monitoring or scanning of software or data including attack...
C726S025000, C705S051000, C705S052000, C705S053000, C705S054000, C713S189000, C713S190000, C713S191000, C717S174000, C717S175000, C717S176000
Reexamination Certificate
active
07552473
ABSTRACT:
A worm detection module (WDM) (212) stops worms and other malicious software from spreading among computer systems (100) on a network (210) via open drive shares. The WDM (212) monitors (310) a storage device (108) for activity (314, 316) directed to executable files by remote processes. The WDM (212) flags (318) files (216) that are the target of such activity. If a flagged file (216) attempts to create an executable file (218) on a networked computer system (100B), the WDM (212) detects (322) that the flagged file (216) is a worm. In response, the WDM (212) blocks the write to the networked computer system (100B) and thereby prevents the worm from propagating.
REFERENCES:
patent: 6088803 (2000-07-01), Tso et al.
patent: 6594686 (2003-07-01), Edwards et al.
patent: 6842861 (2005-01-01), Cox et al.
patent: 6973577 (2005-12-01), Kouznetsov
patent: 2002/0129277 (2002-09-01), Caccavale
patent: 2002/0138585 (2002-09-01), Sen
patent: 2002/0147915 (2002-10-01), Chefalas et al.
patent: 2004/0098607 (2004-05-01), Alagna et al.
patent: 2383444 (2003-06-01), None
patent: WO 01/57829 (2001-08-01), None
patent: WO 02/06928 (2002-01-01), None
Delio, M., “Virus Throttle a Hopeful Defense”, Wired News, Dec. 9, 2002 [online] Retrieved from the Internet <URL:http://www.wired.com
ews/infostructure/0,1377,56753,000.html>.
Lowe R. et al., WinXP Pro File Sharing, Practically Networked, Dec. 12, 2001, [online] [Retrieved on Jun. 10, 2003] Retrieved from the Internet <URL:http://www.practicallynetworked.com/sharing/xp—filesharing/whole.htm>.
Microsoft web pages, “Microsoft Palladium: A Business Overview,” pp. 1-10 [online], Amy Carroll, Mario Juarez, Julia Polk and Tony Leininger, Aug. 2002 [retrieved on Oct. 10, 2002]. Retrieved from the Internet: <URL:http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp>.
Microsoft web pages, “Microsoft Palladium Initiative—Technical FAQ,” pp. 1-8 [online], Aug. 2002 [retrieved on Oct. 10, 2002]. Retrieved from the Internet: <URL:http://www.microsoft.com/technet/security
ews/PallFAQ2.asp?frame=true>.
Moore, D. et al., Code-Red: A Case Study On The Spread And Victims Of An Internet Worm, Proceedings of the Internet Measurement Workshop (IMW), 2002, [online] [Retrieved on Dec. 16, 2003] Retrieved from the Internet <URL:http://www.citeseer.nj.nec.com/moore02codered.html>.
New Windows Worms At Work In May web page, Shout Communications, [online] [Retrieved on Dec. 16, 2003] Retrieved from the Internet <URL:http://www.shoutasia.com/trend/clients—trend—may—virus.htm>.
Staniford, S. et al., How To Own The Internet In Your Spare Time, Proceedings of the 11the USENIX Security Symposium, 2002, [online] [Retrieved on Dec. 16, 2003] Retrieved from the Internet <URL://http://citeseer.nj.nec.com/staniford02how.html>.
Toth, T. et al., Connection-History Based Anomaly Detection, Proceedings of the 2002 IEEE, Workshop On Information Assurance And Security, Jun. 2002, pp. 30-35, vol. 17-19, United States Military Academy, West Point, N.Y.
Trusted Computing Platform Alliance, “Building a Foundation of Trust in the PC,” pp. 1-9, Jan. 2000.
Trusted Computing Platform Alliance web pages. “TCPA / Palladium Frequently Asked Questions,” pp. 1-13 [online], Ross Anderson [retrieved on Oct. 10, 2002]. Retrieved from the Internet: <URL:http://www.cl.cam.ac.uk/˜rja14/tcpa-faq.html>.
Williamson, M., “Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code”, ACSAC Conference, Dec. 2002, pp. 1-9, Hewlett-Packard, Dec. 10, 2002.
Windows XP Simple File Sharing web page, Practically Networked, [online] [Retrieved on Jun. 10, 2003] Retrieved from the Internet <URL:http://www.practicallynetworked.com/sharing/xp/filesharing.htm>.
Chess, David J., Computer Viruses And Related Threats To Computer And Network Integrity, Computer Networks And ISDN Systems, Jul. 10, 1989, pp. 141-148, Amsterdam, NL.
Nachenberg, Carey, Behavior Blocking: The Next Step In Anti-Virus Protection, Mar. 19, 2002, [online] [retrieved on Nov. 29, 2004] Retrieved from the Internet: <URL:http://www.securityfocus.com/printable/infocus/1557>.
European Search Report, European Application No. 04254600, Dec. 21, 2004, 4 pages.
Parkhouse, Jayne, “Pelican SafeTNet 2.0” [online], Jun. 2000, SC Magazine Product Review, [retrieved on Dec. 1, 2003]. Retrieved from the Internet: <URL: http://www.scmagazine.com/scmagazine/standalone/pelican/sc—pelican.html.
Fenwick & West LLP
Symantec Corporation
Tolentino Roderick
Zand Kambiz
LandOfFree
Detecting and blocking drive sharing worms does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Detecting and blocking drive sharing worms, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Detecting and blocking drive sharing worms will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4092343