Patent · US Active

Using asynchronous changes to memory to detect malware

US8065736B2 · kind B2 · utility

0Cited by

3References

20Claims

0Family size

Assignee

Microsoft Corporation · US

Inventors

Neill M. Clift · Kirkland, US
Jonathan D. Morrison · North Bend, US

Key dates

Filing date	Jun 6, 2006
Grant date	Nov 22, 2011
Priority date	—
Expiry date	Mar 2, 2030

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/55
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A system and method for using asynchronous changes to memory to detect malware is disclosed. The technology initially receives a memory buffer location to be evaluated, the memory buffer location possibly having at least a portion of malware therein. The technology then performs a plurality of double fetches to the memory buffer location. The technology additionally compares a plurality of responses to the plurality of double fetches, wherein a plurality of similar responses to the plurality of double fetches indicates the portion of malware is not present and wherein at least two distinct responses to the plurality of double fetches indicates the portion of malware is present.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.