Generic RootKit detector
US7647636B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 24, 2005 |
| Grant date | Jan 12, 2010 |
| Priority date | — |
| Expiry date | Feb 5, 2028 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/566
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A generic RootKit detector is disclosed that identifies when malware, commonly known as a RootKit, is resident on a computer. In one embodiment, the generic RootKit detector performs a method that compares the properties of different versions of a library used by the operating system to provide services to an application program. In this regard, when a library is loaded into memory, an aspect of the generic RootKit detector compares two versions of the library: a potentially infected version in memory and a second version stored in a protected state on a storage device. If certain properties of the first version of the library are different from the second version, a determination is made that a RootKit is infecting the computer.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.