| 发明名称 | Systems and methods for malware detection and scanning | ||
| 摘要 | Systems and methods are provided for malware scanning and detection in a computing system. In one exemplary embodiment, the method includes launching, in a computing device of the computing system, a virtual machine, and launching, in the virtual machine of the computing device, an internet browser. The method also includes requesting, by the internet browser, data from a web page, and performing, using one or more analysis tools, analysis on the web page. In the method, performing analysis on the web page includes performing monitoring and recording of system application programming interface (API) calls, and creating software objects associated with the web page. The method also includes performing antivirus scanning of the software objects, de-obfuscating JavaScript associated with the software objects, and correlating data associated with the performed analysis to determine if the web page is a malicious web page. | ||
| 申请公布号 | US8832836(B2) | 申请公布日期 | 2014.09.09 |
| 申请号 | US201012982508 | 申请日期 | 2010.12.30 |
| 申请人 | Verisign, Inc. | 发明人 | Thomas Ralph;LaPilla Michael;Tonn Trevor;Sinclair Gregory;Hartstein Blake;Cote Matthew |
| 分类号 | G06F21/56 | 主分类号 | G06F21/56 |
| 代理机构 | MH2 Technology Law Group LLP | 代理人 | MH2 Technology Law Group LLP |
| 主权项 | 1. A computer-implemented method operating in a computing device, the method comprising: receiving, at the computing device, a malware scan request comprising a type and version of an internet browser and one or more parameters, the one or more parameters comprising target uniform resource (URIs), uniform resource locators (URLs), and/or uniform resource names (URNs) used to identify web pages upon which malware scanning is to be performed; launching, in the computing device, a virtual machine in response to the received malware scan request; launching, in the virtual machine of the computing device and in response to the received malware scan request, an internet browser of the type and version; requesting, by the internet browser in the virtual machine and in response to the received malware scan request, data from the web page, over a network; performing, in the virtual machine of the computing device, analysis on the web page using one or more analysis tools, wherein performing the analysis includes: performing monitoring and recording of system application programming interface (API) calls,creating software objects associated with the web page,performing antivirus scanning of the software objects, andde-obfuscating code associated with the software objects; and correlating data associated with the analysis that is performed to determine if the web page is a malicious web page. | ||
| 地址 | Reston VA US | ||