Title of invention: Method and system for proactive detection of malicious shared libraries via a remote reputation system
Abstract: A method for proactively detecting shared libraries suspected of association with malware includes the steps of determining one or more shared libraries loaded on an electronic device, determining that one or more of the shared libraries include suspicious shared libraries by determining that the shared library is associated with indications that the shared library may have been maliciously injected, loaded, and/or operating on the electronic device, and identifying the suspicious shared libraries to a reputation server.
Publication number: US8955131(B2) Publication date: 2015.02.10
Application number: US201012695005 Filing date: 2010.01.27
Applicant: McAfee Inc. Inventor: Sallam Ahmed Said
Classification: G06F21/00;G06F21/56 Main classification: G06F21/00
Agency: Baker Botts L.L.P. Agent: Baker Botts L.L.P.
Principal claim: 1. A method for proactively detecting shared libraries suspected of association with malware, comprising the steps of: determining one or more shared libraries loaded on an electronic device; determining that one or more of the shared libraries comprise suspicious shared libraries by determining that the shared library is associated with indications in memory that the shared library was maliciously injected on the electronic device, including: determining that the shared library is not identified in a list of trusted modules or in a list of malware; determining whether a hook points to the shared library; and determining whether the shared library is associated with an open network port of the electronic device; and identifying the suspicious shared libraries to a reputation server, including: identifying any executable objects that include the hook that points to the suspicious shared library; and identifying any executable objects that are associated with the open network port of the electronic device.
Address: Santa Clara CA US