Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2007-10-23
Moazzami, Nasser (Department: 2136)
C726S022000, C726S023000, C726S024000, C713S165000, C713S167000, C713S188000
active
10464091
ABSTRACT:
A method includes hooking a send operating system function, originating a call to the send operating system function with a call module to send the content of a send buffer, stalling the call, and determining whether the call module or a copy of the call module is in the send buffer. Upon a determination that the call module or a copy of the call module is in the send buffer, the method further includes terminating the call. By terminating the call, the call module comprising malicious code is prevented from sending itself or a copy of itself to other host computer systems, thus preventing the spread of the call module.
REFERENCES:
patent: 5598531 (1997-01-01), Hill
patent: 5696822 (1997-12-01), Nachenberg
patent: 5802178 (1998-09-01), Holden et al.
patent: 5822517 (1998-10-01), Dotan
patent: 6199181 (2001-03-01), Rechef et al.
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6357008 (2002-03-01), Nachenberg
patent: 6658571 (2003-12-01), O'Brien et al.
patent: 6718414 (2004-04-01), Doggett
patent: 6910142 (2005-06-01), Cross et al.
patent: 7085928 (2006-08-01), Schmid et al.
patent: 7146305 (2006-12-01), van der Made
patent: 7181603 (2007-02-01), Rothrock et al.
patent: 2002/0083334 (2002-06-01), Rogers et al.
Choi, Y., et al, ‘A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation’, ICISC 2001: 4th International Conference Seoul, Korea, Dec. 6-7, 2001. Proceedings, pp. 146-159, http://www.springerlink.com/content/x8tn836pk6wyp8kw/fulltext.pdf.
Xenitellis, S., ‘Security Vulnerabilities in Event-Driven Systems’, ISG, Royal Holloway Univ. of London, 2002, entire document, http://www.isg.rhul.ac.uk/~simos/pub/OLD/SecurityVulnerabilitiesInEvent-drivenSystems.pdf.
Vasudevan, A., et al, ‘Cobra: Fine-grained Malware Analysis using Stealth Localized-executions’, 2006, Dept. of CS and Engineering, Univ. of TX, entire document, http://data.uta.edu/~ramesh/pubs/IEEE-Cobra.pdf.
Finnegan, J., ‘Pop Open a Privileged Set of APIs with Windows NT Kernel Mode Drivers’, Microsoft Corp., Microsoft Systems Journal, Mar. 1998, entire article, http://www.microsoft.com/MSJ/0398/driver.aspx.
Szor, P., U.S. Appl. No. 10/371,945, filed Feb. 21, 2003, entitled “Safe Memory Scanning”.
Szor, P., U.S. Appl. No. 10/781,207, filed Feb. 17, 2004, entitled “Kernel Mode Overflow Attack Prevention System and Method”.
Vasudevan et al., “SPiKE: Engineering Malware Analysis Tools using Unobtrusive Binary-Instrumentation”, Conferences in Research and Practice in Information Technology, vol. 48, Australian Computer Society, Inc., Jan. 2006, pp. 1-10. Retrieved from the Internet on Dec. 1, 2006 from <URL:http://crpit.com/confpapers/CRPITV48Vasudevan.pdf>.
Szor, P., “Attacks on WIN32”, Virus Bulletin Conference, Oct. 1998, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 57-84.
Szor, P., “Memory Scanning Under Windows NT”, Virus Bulletin Conference, Sep. 1999, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-22.
Szor, P., “Attacks on WIN32-Part II”, Virus Bulletin Conference, Sep. 2000, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 47-68.
Chien, E. and Szor, P., “Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques In Computer Viruses”, Virus Bulletin Conference, Sep. 2002, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-36.
Buysse, J., “Virtual Memory: Window NT® Implementation”, pp. 1-15 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://people.msoe.edu/-barnicks/courses/cs384/papers19992000/buyssej-Term.pdf>.
Dabak, P., Borate, M. and Phadke, S., “Hooking Windows NT System Services”, pp. 1-8 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet :<URL:http://www.windowsitlibrary.com/Content/356/06/2.html>.
“How Entercept Protects: System Call Interception”, pp. 1-2 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet :<URL:http://www.entercept.com/products/technology/kernelmode.asp>. No author provided.
“How Entercept Protects: System Call Interception”, p. 1 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet :<URL:http://www.entercept.com/products/technology/interception.asp>. No author provided.
Kath, R., “The Virtual-Memory Manager in Windows NT”, pp. 1-11 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://msdn.microsoft.com/library/en-us/dngenlib/html/msdn_ntvmm.asp?frame=true>.
Szor, P. and Kaspersky, E., “The Evolution of 32-Bit Windows Viruses”, Windows & .NET Magazine, pp. 1-4 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.winnetmag.com/Articles/Print.cfm?ArticleID=8773>.
Szor, P., “The New 32-bit Medusa”, Virus Bulletin, Dec. 2000, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 8-10.
Szor, P., “Shelling Out”, Virus Bulletin, Feb. 1997, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 6-7.
McCorkendale, B. and Szor, P., “Code Red Buffer Overflow”, Virus Bulletin, Sep. 2001, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 4-5.
Nachenberg, C., “A New Technique for Detecting Polymorphic Computer Viruses”, University of California, Los Angeles, 1995.
“INFO: CreateFileMapping() SEC_* Flags”, pp. 1-2 [online]. Retrieved on Sep. 24, 2003. Retrieved from the Internet: <URL:http://support.Microsoft.com/default.aspx?scid=http://support.Microsoft.com:80/support/kb/articles/Q108/2/31.asp&NoWebContent=1> No author provided.
“CreateFileMapping”, pp. 1-5 [online]. Retrieved on Sep. 10, 2003. Retrieved from the Internet: <URL:http://msdn.Microsoft.com/library/en-us/fileio/base/createfilemapping.asp?frame=true> No author provided.
Baum Ronald
Gunnison McKay & Hodgson, L.L.P.
Hodgson Serge J.
Moazzami Nasser
Symantec Corporation
Send blocking system and method