Detecting malware in mixed content files
US9838418B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 16, 2015 |
| Grant date | Dec 5, 2017 |
| Priority date | — |
| Expiry date | Jul 22, 2035 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L67/02
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Computer systems and methods in various embodiments are configured to determine whether a file is likely to be malware-free or include malware. In an embodiment, a computer system configured to improve security of client computers, and comprising: a memory; one or more processors coupled to the memory; a malware detection logic coupled to the memory and the one or more processors, and configured to: receive a first file from a viewer program that is executing on the client computer, wherein the first file is a mixed content file comprising a combination of both executable instructions and data in one or more formats, and/or one or more data sets stored in one or more other formats; determine that the first file is formatted according to a first specification and that the first specification is associated with one or more first malware tests of a plurality of malware tests, wherein each test in the plurality of malware tests is associated with a score; execute each test in the first one or more malware tests, and add, to a first total score, the score associated with the test if the first file satisfies the test; determine the first total score satisfies a first threshold, and in re…
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.