Title of invention: Detecting computer security threats in electronic documents based on structure
Abstract: In an embodiment, a method providing an improvement in remediating vulnerabilities in computer security comprising: receiving, using a network tap of a sensor computer that is coupled to a compromised computer, a communication packet that was sent from the compromised computer to a target computer; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers; reading, at the sensor computer, a plurality of fields within a header of the communication packet; and performing a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.
Publication number: US9350757(B1) Publication date: 2016.05.24
Application number: US201514723251 Filing date: 2015.05.27
Applicant: Area 1 Security, Inc. Inventors: Falkowitz Oren;Syme Philip
Classification: H04L29/06;H04L12/935;H04L29/12 Main classification: H04L29/06
Agency: Hickman Palermo Becker Bingham LLP Agent: Hickman Palermo Becker Bingham LLP
Principal claim: 1. A method providing an improvement in remediating malware attacks in computer security, comprising: receiving, using a network tap of a sensor computer that is coupled to and co-located with a compromised computer that hosts or executes malware, a communication packet that was sent from the compromised computer to a target computer and allowed to pass to the target computer; reading, at the sensor computer, a plurality of fields within a header of the communication packet; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers eligible for remediation; performing, using the sensor computer, a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.
Address: Menlo Park CA US