Title of invention: User interface based malware detection
Abstract: Malware with fake or misleading anti-malware user interfaces (UIs) are detected. Processes running on a computer system are monitored and their window creation events are detected. The structures of the created windows are retrieved to detect presence of UI features that are commonly presented in known fake or misleading anti-malware UIs (“fakeAVUIs”). If a window includes a UI feature commonly presented in known fakeAVUIs, that window is determined suspicious and additional tests are applied to determine the validity of information in the window. If the information in the window is determined invalid, then the process that created the window is determined to be malware and a remediating action is applied to the process.
Publication number: US8776227(B1)  Publication date: 2014.07.08
Application number: US201012968206  Filing date: 2010.12.14
Applicant: Symantec Corporation  Inventors: Glick Adam L.; Smith Spencer; Graf Nicholas R.
Classification: G06F11/00; G06F12/14; G06F12/16; G08B23/00  Main classification: G06F11/00
Agency: Fenwick & West LLP  Agent: Fenwick & West LLP
Principal claim: 1. A computer-implemented method for detecting malware on a computer system, comprising: detecting a window created by a process running on the computer system; determining whether the window may be a fake anti-malware user interface (UI) based on whether the window comprises a scan dialog including a scan progress bar indicating that a file scan is in progress; responsive to determining that the window may be a fake anti-malware UI, determining whether information displayed in the window is valid by determining whether the indicated file scan is in progress; and responsive to a determination that the information displayed in the window is invalid, classifying the process as malware and applying a remediating action to the process.
Address: Mountain View CA US