Bypassing software services to detect malware
US7757290B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 30, 2006 |
| Grant date | Jul 13, 2010 |
| Priority date | — |
| Expiry date | Sep 13, 2028 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/567
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method, apparatus, and computer readable medium are provided by aspects of the present invention to determine whether a malware is resident on a host computer. In one embodiment, a method determines whether data that is characteristic of malware is loaded in the system memory of a host computer. More specifically, the method includes causing a device communicatively connected to a host computer to issue a request to obtain data loaded in the system memory. Then, when the requested data is received, a determination is made regarding whether the data is characteristic of malware. Since, the method causes data to be obtained directly from system memory without relying on software services on the host computer, malware that employs certain stealth techniques will be identified.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.