User interface based malware detection

Invention Grant

US08776227B1 User interface based malware detection 有权

Title translation: 基于用户界面的恶意软件检测

Please log in to see more content

Patent Title: User interface based malware detection
Patent Title (中): 基于用户界面的恶意软件检测
Application No.: US12968206

Application Date: 2010-12-14
Publication No.: US08776227B1

Publication Date: 2014-07-08
Inventor: Adam L. Glick , Spencer Smith , Nicholas R. Graf
Applicant: Adam L. Glick , Spencer Smith , Nicholas R. Graf
Applicant Address: US CA Mountain View
Assignee: Symantec Corporation
Current Assignee: Symantec Corporation
Current Assignee Address: US CA Mountain View
Agency: Fenwick & West LLP
Main IPC: G06F11/00
IPC: G06F11/00 ; G06F12/14 ; G06F12/16 ; G08B23/00

Abstract:

Malware with fake or misleading anti-malware user interfaces (UIs) are detected. Processes running on a computer system are monitored and their window creation events are detected. The structures of the created windows are retrieved to detect presence of UI features that are commonly presented in known fake or misleading anti-malware UIs (“fakeAVUIs”). If a window includes a UI feature commonly presented in known fakeAVUIs, that window is determined suspicious and additional tests are applied to determine the validity of information in the window. If the information in the window is determined invalid, then the process that created the window is determined to be malware and a remediating action is applied to the process.

Abstract(Chinese):

检测到具有假或误导性的反恶意软件用户界面（UI）的恶意软件。监视在计算机系统上运行的进程，并检测其窗口创建事件。检索创建的窗口的结构以检测通常在已知的假的或误导的反恶意软件UI（“假的AVI”）中呈现的UI特征的存在。如果窗口包含通常在已知的假AVA中呈现的UI特征，则该窗口被确定为可疑，并且应用附加测试来确定窗口中的信息的有效性。如果窗口中的信息被确定为无效，则创建该窗口的进程被确定为恶意软件，并且将修复操作应用于该进程。

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F11/00	错误检测；错误校正；监控（在记录载体上作出核对其正确性的方法或装置入G06K5/00；基于记录载体和传感器之间的相对运动而实现的信息存储中所用的方法或装置入G11B，例如G11B20/18；静态存储中所用的方法或装置入G11C29/00）