Patent · US Active

User interface based malware detection

US8776227B1 · kind B1 · utility

31Cited by

0References

19Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Adam Glick · Culver City, US
Spencer Smith · El Segundo, US
Nicholas Graf · Austin, US

Key dates

Filing date	Dec 14, 2010
Grant date	Jul 8, 2014
Priority date	—
Expiry date	Oct 17, 2031

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/032
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Malware with fake or misleading anti-malware user interfaces (UIs) are detected. Processes running on a computer system are monitored and their window creation events are detected. The structures of the created windows are retrieved to detect presence of UI features that are commonly presented in known fake or misleading anti-malware UIs (“fakeAVUIs”). If a window includes a UI feature commonly presented in known fakeAVUIs, that window is determined suspicious and additional tests are applied to determine the validity of information in the window. If the information in the window is determined invalid, then the process that created the window is determined to be malware and a remediating action is applied to the process.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.