WO2006039352A3 - System and method for pestware detection - Google Patents

System and method for pestware detection

Info

Publication number
WO2006039352A3
Authority
WO
WIPO (PCT)
Prior art keywords
approved
destination address
protected computer
list
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2005/034874
Other languages
French (fr)
Other versions
WO2006039352A2 (en)
Inventor
Steve Thomas
Michael P Greene
Bradley D Stowers
Kevin Barton
Jeffery Herman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Webroot Inc
Original Assignee
Webroot Software Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/956,573 (US7480683B2)
Priority claimed from US10/956,574 (US7533131B2)
Priority claimed from US10/956,578 (US20060085528A1)
Application filed by Webroot Software Inc
Priority to EP05807702A (EP1836577A2)
Publication of WO2006039352A2
Publication of WO2006039352A3
Anticipated expiration
Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Catching Or Destruction (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Methods for monitoring network communications between a protected computer and a remotely-located computer such as a Web server are described. One embodiment is configured to intercept a data packet transmitted from a protected computer. This embodiment then compares the destination address of the data packet against a list of approved destination addresses. When the destination address is included in the list of approved destination addresses, then the packet is delivered to the destination address. If the packet is not addressed to an approved address, then it is evaluated for pestware traces. Embodiments of the invention can also be configured to monitor incoming traffic to a protected computer.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
EP05807702A EP1836577A2 (en) | 2004-10-01 | 2005-09-28 | System and method for pestware detection

Applications Claiming Priority (6)

Application Number | Priority Date | Filing Date | Title
US10/956,578 | 2004-10-01 | |
US10/956,574 | 2004-10-01 | |
US10/956,573 US7480683B2 (en) | 2004-10-01 | 2004-10-01 | System and method for heuristic analysis to identify pestware
US10/956,573 | 2004-10-01 | |
US10/956,574 US7533131B2 (en) | 2004-10-01 | 2004-10-01 | System and method for pestware detection and removal
US10/956,578 US20060085528A1 (en) | 2004-10-01 | 2004-10-01 | System and method for monitoring network communications for pestware

Publications (2)

Publication Number | Publication Date
WO2006039352A2 (en) | 2006-04-13
WO2006039352A3 (en) | 2006-08-31

Family

ID=36143025

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/US2005/034874 Ceased WO2006039352A2 (en) | System and method for pestware detection | 2004-10-01 | 2005-09-28

Country Status (2)

Country | Link
EP (1) | EP1836577A2 (en)
WO (1) | WO2006039352A2 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US6633835B1 (en) * | 2002-01-10 | 2003-10-14 | Networks Associates Technology, Inc. | Prioritized data capture, classification and filtering in a network monitoring environment
US20040034794A1 (en) * | 2000-05-28 | 2004-02-19 | Yaron Mayer | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US20040143763A1 (en) * | 1999-02-03 | 2004-07-22 | Radatti Peter V. | Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer in instant messaging and peer-to-peer applications
US20040187023A1 (en) * | 2002-08-30 | 2004-09-23 | Wholesecurity, Inc. | Method, system and computer program product for security in a global computer network transaction

Also Published As

Publication number | Publication date
WO2006039352A2 (en) | 2006-04-13
EP1836577A2 (en) | 2007-09-26

Similar Documents

Publication Publication Date Title
Farrell et al. Pervasive monitoring is an attack
WO2008052128A3 (en) Detecting and preventing man-in-the middle phishing attacks
WO2004095281A3 (en) System and method for network quality of service protection on security breach detection
WO2021008028A1 (en) Network attack source tracing and protection method, electronic device and computer storage medium
US10701076B2 (en) Network management device at network edge for INS intrusion detection based on adjustable blacklisted sources
WO2008063343A3 (en) Methods and apparatus for detecting unwanted traffic in one or more packet networks utilizing string analysis
WO2007084973A3 (en) Network security system and method
WO2005107296A3 (en) Network security system
WO2006063003A3 (en) Network and application attack protection based on application layer message inspection
WO2008035318A3 (en) System and method of securely processing lawfully intercepted network traffic
WO2009047065A4 (en) Methods, apparatuses, system, and related computer program product for policy control
WO2007143717A3 (en) Methods, computer readable medium and apparatus for using short addresses in a communication system
WO2007026263A3 (en) Routing configuration validation apparatus and methods
WO2006023829A3 (en) System, method and apparatus for traffic mirror setup, service and security in communication networks
WO2007106687A3 (en) Role aware network security enforcement
WO2007103338A3 (en) Technique for processing data packets in a communication network
WO2009107115A3 (en) Malware detection system and method
WO2005029215A3 (en) Method of controlling communication between devices in a network and apparatus for the same
WO2007097958A3 (en) Method for route optimization aud location privacy in mobile ip
WO2008052291A3 (en) System and process for detecting anomalous network traffic
WO2005036339A3 (en) System and method for dynamic distribution of intrusion signatures
WO2009031453A1 (en) Network security monitor apparatus and network security monitor system
EP1523149A3 (en) Encryption error monitoring system and method for packet transmission
WO2007120313A3 (en) Insider attack defense for network client validation of network management frames
WO2006019701A3 (en) Inline intrusion detection using a single physical port

Legal Events

Date | Code | Title | Description
| AK | Designated states | Kind code of ref document: A2. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
| AL | Designated countries for regional patents | Kind code of ref document: A2. Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
| NENP | Non-entry into the national phase | Ref country code: DE
| WWE | Wipo information: entry into national phase | Ref document number: 2005807702. Country of ref document: EP
| WWP | Wipo information: published in national office | Ref document number: 2005807702. Country of ref document: EP