System and method for scanning obfuscated files for pestware
US7349931B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 14, 2005 |
| Grant date | Mar 25, 2008 |
| Priority date | — |
| Expiry date | Jul 2, 2025 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/562
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Systems and methods for managing multiple related pestware processes on a protected computer are described. In one implementation, a plurality of files in a file storage device of a protected computer are scanned and obfuscated files are identified from among the plurality of files. To identify whether the obfuscated file is a pestware file, one or more potential pestware processes are identified as being associated with the obfuscated file, and the one or more associated processes are scanned so as to determine whether the processes, and hence, the obfuscated file, are pestware. In variations, the obfuscated file is analyzed to identify the start address of the associated one or more processes, and the start address is utilized as a reference point from which information located at one or more offsets from the start address is analyzed so as to determine whether the one or more processes are known pestware.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.