Patent · US Active

Detection of malicious modules injected on legitimate processes

US8572739B1 · kind B1 · utility

95Cited by

2References

10Claims

0Family size

Assignee

Trend Micro Incorporated · JP

Inventors

Marvin Ubaldo Cruz · Bulacan, PH
Michelle de la Pena Perona · Pasig, PH
Benjamin C. Rivera · Lake Oswego, US
Kerr Bryner Ang · Caloocan, PH

Key dates

Filing date	Oct 27, 2009
Grant date	Oct 29, 2013
Priority date	—
Expiry date	Jan 1, 2032

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A computer includes modules that provide a shared library of functions callable by processes or other modules. A malicious module in the computer may be identified by enumerating modules needed by a process to operate. Modules currently loaded in the memory of the computer are also enumerated. A suspect or suspicious module may be identified as currently being loaded in the memory of the computer but not needed by a process to operate. The suspicious module may be deemed malicious (i.e., having malicious code, such as a computer virus) if the suspicious module does not export or provide a function for sharing to be called by other modules or process.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.