System and method for scanning memory for pestware

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate

Details

active

07571476

ABSTRACT:
Systems and methods for managing multiple related pestware processes on a protected computer are described. One embodiment is configured to identify a location of each of a plurality of files in at least one file storage device of the protected computer and store a list of the location of each of the plurality of files. The list of the plurality of files is then sorted so as to generate a sorted list. Each of the plurality of files is then sequentially accessed as listed in the sorted list so as to retrieve information from each of the plurality of files. Information from the plurality of files is then analyzed to determine whether any of the plurality of files are potential pestware files. In variations, the files in the file storage device are enumerated, and information from the files is accessed, by circumventing the operating system of the protected computer.

