System and method for scanning memory for pestware offset...

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate

Details

C713S188000, C726S023000, C726S024000

active

07971249

ABSTRACT:
Systems and methods for managing pestware processes on a protected computer are described. In one implementation, a reference point in the executable memory that is associated with a process running in the executable memory is located. First and second sets of information are then retrieved from corresponding first and second portions of the executable memory. The first and second portions of the executable memory are separated by a defined offset, and each of the first and second portions of the executable memory is offset from the reference point. The process is identifiable as a particular type of pestware when the first and second sets of information each include information previously found to be separated by the defined offset in other processes that are of the particular type of pestware. In some variations, the reference point is a starting address and/or an API implementation in the process.
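
The check described in the abstract, as an added example that is not taken from the patent or from any product: only two small portions of a process image are read, both located relative to a reference point, and a match requires the expected information in each at the defined separation. The signature name, byte values, offsets and memory images are constructed for illustration, and the reference point is assumed to be a known start address.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OffsetSignature:
    name: str
    first_offset: int    # reference point -> first portion
    first_bytes: bytes   # information expected in the first portion
    separation: int      # defined offset between the two portions
    second_bytes: bytes  # information expected in the second portion

def read_portion(memory, address, length):
    """Return `length` bytes at `address`, or None if the read leaves the image."""
    if address < 0 or address + length > len(memory):
        return None
    return bytes(memory[address:address + length])

def matches(memory, reference, sig):
    """Compare only the two portions located relative to the reference point."""
    first_addr = reference + sig.first_offset
    second_addr = first_addr + sig.separation
    first = read_portion(memory, first_addr, len(sig.first_bytes))
    second = read_portion(memory, second_addr, len(sig.second_bytes))
    return first == sig.first_bytes and second == sig.second_bytes

def classify(memory, reference, signatures):
    """Names of every signature whose two portions both match."""
    return [s.name for s in signatures if matches(memory, reference, s)]

def build_image(size, patches):
    """Constructed stand-in for a process's executable memory."""
    image = bytearray(size)
    for address, data in patches.items():
        image[address:address + len(data)] = data
    return bytes(image)

# Constructed sample data: reference point (assumed start address) and one signature.
REFERENCE = 0x20
SIGNATURES = [OffsetSignature("ExamplePest.A", 0x10, b"\xde\xad\xbe\xef",
                              0x40, b"\x13\x37\xc0\xde")]
# Both portions present at the defined separation.
SUSPECT = build_image(256, {0x30: b"\xde\xad\xbe\xef", 0x70: b"\x13\x37\xc0\xde"})
# Same byte strings present, but the second one sits at a different distance.
SHIFTED = build_image(256, {0x30: b"\xde\xad\xbe\xef", 0x80: b"\x13\x37\xc0\xde"})

if __name__ == "__main__":
    print(classify(SUSPECT, REFERENCE, SIGNATURES))
    print(classify(SHIFTED, REFERENCE, SIGNATURES))
```

The second image contains the same byte strings but not at the defined separation, so it is not classified; a whole-image substring search would not make that distinction.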

