Patent · US Active

Remediating malware infections through obfuscation

US8495741B1 · kind B1 · utility

15Cited by

1References

20Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Timothy M. Naftel · Mountain View, US
Mark Kennedy · Redondo Beach, US
Adam Glick · Culver City, US

Key dates

Filing date	Mar 30, 2007
Grant date	Jul 23, 2013
Priority date	—
Expiry date	Sep 24, 2031

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/575
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A computer has a storage device that is infected with malicious software (malware). The malware uses stealth or rootkit techniques to hide itself in the storage device. A security module within the storage device detects the malware by comparing the files read from the storage device to those reported by the operating system. Upon detecting the malware, the security module prepares the computer for malware obfuscation by storing information describing the location of the malware, deploying an executable file, and configuring it to run on reboot. The executable file executes upon reboot and locates the data on the storage device associated with the malware. The executable file obfuscates the data so that the malware no longer loads at boot time, thereby disabling the rootkit technique. The computer reboots and the security module remediates the malware infection.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.