Electrical computers and digital processing systems: support – Computer virus detection by cryptography
Reexamination Certificate
2001-07-26
2008-09-02
Sheikh, Ayaz (Department: 2131)
Electrical computers and digital processing systems: support
Computer virus detection by cryptography
C713S187000, C726S023000, C726S024000
Reexamination Certificate
active
07421587
ABSTRACT:
A technique for detecting Trojans and worms within packed computer files uses fingerprint data derived from the unpacked resource data associated with the packed computer files. The number of entries, the position within the resource data and size of the resource that is the largest resource specified, a timestamp value of compilation and a checksum value derived from the whole of the resource data may be included within a fingerprint value as characteristic of a particular set of resource data. A library of such fingerprint values may be generated for known Trojans and worms, or other programs it is wished to detect, and then a suspect file compared against this library of fingerprints.
REFERENCES:
patent: 5359659 (1994-10-01), Rosenthal
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5442699 (1995-08-01), Arnold et al.
patent: 5473769 (1995-12-01), Cozza
patent: 5649095 (1997-07-01), Cozza
patent: 5812848 (1998-09-01), Cohen
patent: 5892904 (1999-04-01), Atkinson et al.
patent: 5951698 (1999-09-01), Chen et al.
patent: 5991714 (1999-11-01), Shaner
patent: 6006329 (1999-12-01), Chi
patent: 6230288 (2001-05-01), Kuo et al.
patent: 6269456 (2001-07-01), Hodges et al.
patent: 6338141 (2002-01-01), Wells
patent: 6385610 (2002-05-01), Deffler et al.
patent: 6577920 (2003-06-01), Hypponen et al.
patent: 6851057 (2005-02-01), Nachenberg
patent: 6971019 (2005-11-01), Nachenberg
patent: 6980992 (2005-12-01), Hursey et al.
patent: 6981279 (2005-12-01), Arnold et al.
patent: 7032114 (2006-04-01), Moran
patent: 7043757 (2006-05-01), Hoefelmeyer et al.
patent: 7131036 (2006-10-01), Wray et al.
patent: 2 365 158 (2002-02-01), None
patent: 2365158 (2002-02-01), None
Pietrek, Matt “Peering Inside the PE: A Tour of the Win32 Portable Executable”, 1994, Miller Freeman, Inc.
Ször, Peter “Attacks on WIN32” Virus Bulletin Conference 1998, Virus Bulletin Ltd. pp. 57-84.
Ször, Peter “Attacks on WIN32—Part II” Virus Bulletin Conference 2000, Virus Bulletin Ltd. pp. 47-68.
Schneier, Bruce “Applied Cryptography, Second Edition”, 1996 John Wiley and Sons, pp. 442-445.
Cowie Neil Andrew
Muttik Igor
Hamaty Christopher J.
Henning Matthew T.
McAfee, Inc.
Sheikh Ayaz
Zilka-Kotab, PC
LandOfFree
Detecting computer programs within packed computer files does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Detecting computer programs within packed computer files, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Detecting computer programs within packed computer files will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3983667