WO2006039352A3 - System and method for pestware detection - Google Patents

System and method for pestware detection

Publication number
WO2006039352A3
Authority
WO
WIPO (PCT)
Prior art keywords
approved
destination address
protected computer
list
address
Prior art date
Application number
PCT/US2005/034874
Other languages
French (fr)
Other versions
WO2006039352A2 (en)
Inventor
Steve Thomas
Michael P Greene
Bradley D Stowers
Kevin Barton
Jeffery Herman
Original Assignee
Webroot Software Inc
Steve Thomas
Michael P Greene
Bradley D Stowers
Kevin Barton
Jeffery Herman
Priority date
Filing date
Publication date
Priority claimed from US10/956,573 (US7480683B2)
Priority claimed from US10/956,578 (US20060085528A1)
Priority claimed from US10/956,574 (US7533131B2)
Application filed by Webroot Software Inc, Steve Thomas, Michael P Greene, Bradley D Stowers, Kevin Barton, Jeffery Herman
Priority to EP05807702A (EP1836577A2)
Publication of WO2006039352A2
Publication of WO2006039352A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

Methods for monitoring network communications between a protected computer and a remotely-located computer such as a Web server are described. One embodiment is configured to intercept a data packet transmitted from a protected computer. This embodiment then compares the destination address of the data packet against a list of approved destination addresses. When the destination address is included in the list of approved destination addresses, then the packet is delivered to the destination address. If the packet is not addressed to an approved address, then it is evaluated for pestware traces. Embodiments of the invention can also be configured to monitor incoming traffic to a protected computer.
PCT/US2005/034874 2004-10-01 2005-09-28 System and method for pestware detection WO2006039352A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05807702A EP1836577A2 (en) 2004-10-01 2005-09-28 System and method for pestware detection

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US10/956,573 US7480683B2 (en) 2004-10-01 2004-10-01 System and method for heuristic analysis to identify pestware
US10/956,578 US20060085528A1 (en) 2004-10-01 2004-10-01 System and method for monitoring network communications for pestware
US10/956,574 US7533131B2 (en) 2004-10-01 2004-10-01 System and method for pestware detection and removal

Publications (2)

Publication Number Publication Date
WO2006039352A2 (en) 2006-04-13
WO2006039352A3 (en) 2006-08-31

Family

ID=36143025

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/034874 WO2006039352A2 (en) 2004-10-01 2005-09-28 System and method for pestware detection

Country Status (2)

Country Link
EP (1) EP1836577A2 (en)
WO (1) WO2006039352A2 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6633835B1 (en) * 2002-01-10 2003-10-14 Networks Associates Technology, Inc. Prioritized data capture, classification and filtering in a network monitoring environment
US20040034794A1 (en) * 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US20040143763A1 (en) * 1999-02-03 2004-07-22 Radatti Peter V. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer in instant messaging and peer-to-peer applications
US20040187023A1 (en) * 2002-08-30 2004-09-23 Wholesecurity, Inc. Method, system and computer program product for security in a global computer network transaction

Also Published As

Publication number Publication date
EP1836577A2 (en) 2007-09-26
WO2006039352A2 (en) 2006-04-13

Similar Documents

Publication Publication Date Title
WO2021008028A1 (en) Network attack source tracing and protection method, electronic device and computer storage medium
Farrell et al. Pervasive monitoring is an attack
WO2008052128A3 (en) Detecting and preventing man-in-the middle phishing attacks
WO2004095281A3 (en) System and method for network quality of service protection on security breach detection
WO2007100388A3 (en) Techniques for network protection based on subscriber-aware application proxies
WO2005107296A3 (en) Network security system
WO2007084973A3 (en) Network security system and method
WO2008063343A3 (en) Methods and apparatus for detecting unwanted traffic in one or more packet networks utilizing string analysis
WO2006063003A3 (en) Network and application attack protection based on application layer message inspection
WO2009047065A4 (en) Methods, apparatuses, system, and related computer program product for policy control
WO2007143717A3 (en) Methods, computer readable medium and apparatus for using short addresses in a communication system
WO2007026263A3 (en) Routing configuration validation apparatus and methods
WO2008012792A3 (en) A method and system for detection of nat devices in a network
WO2006023829A3 (en) System, method and apparatus for traffic mirror setup, service and security in communication networks
WO2007106687A3 (en) Role aware network security enforcement
WO2007121361A3 (en) Malicious attack detection system and an associated method of use
WO2005029215A3 (en) Method of controlling communication between devices in a network and apparatus for the same
WO2009107115A3 (en) Malware detection system and method
WO2008052291A3 (en) System and process for detecting anomalous network traffic
WO2003073724A3 (en) System and method for detecting and eliminating ip spoofing in a data transmission network
US20170208083A1 (en) Network management device at network edge
WO2009031453A1 (en) Network security monitor apparatus and network security monitor system
JP2009504100A (en) Method of defending against DoS attack by target victim self-identification and control in IP network
WO2019021404A1 (en) Network monitor
WO2006138526A3 (en) Method and apparatus for reducing spam on peer-to-peer networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2005807702

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005807702

Country of ref document: EP