Collecting and analyzing malware data

A malware and threat analysis technology, applied in the field of collecting and analyzing malware data, can solve problems such as non-receipt

Active Publication Date: 2011-08-17
MICROSOFT TECH LICENSING LLC
Cites: 9, Cited by: 31

AI Technical Summary

Problems solved by technology

The technician may also not receive a complete picture of the malware being analyzed because the malware expects a dedic


Embodiment Construction

[0012] Overview

[0013] A malware analysis system is described that provides information about malware execution history on client computers and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. For example, the system may collect URLs visited, user actions performed, files accessed, and other information about potential threats posed by malware. The system can trigger the collection of threat information when certain events occur, such as when an application attempts to access a website. The back-end analysis component analyzes the threat information by comparing it to information about known threats. For example, the back-end analysis component can identify similar previous threats based on the threat information, and classify new threa...


Abstract

A malware analysis system is described that provides information about malware execution history on a client computer and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. The back-end analysis component analyzes the threat information by comparing the threat information to information about known threats. The system builds a signature for identifying the threat family and a mitigation script for neutralizing the threat. The system sends the signature and mitigation data to client computers, which use the information to mitigate the threat. Thus, the malware analysis system detects and mitigates threats more quickly than previous systems by reducing the burden on technicians to manually create environments for reproducing the threats and manually analyze the threat behavior.

Description

Background technique

[0001] Antivirus, antispyware, and other antimalware applications seek to protect client computers by identifying unwanted applications or other executable code and removing or at least neutralizing the harmful code. Current anti-malware applications (e.g., Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft OneCare, Microsoft Exchange Server's Forefront Server, etc.) use a signature-based approach to detecting viruses, worms, and spyware. Signature-based approaches rely on one or more distinguishing characteristics of malware to provide positive identification so that anti-malware applications can remove it. For example, a specific malware application may have a specific filename, write specific values to an operating system configuration database (e.g., the Microsoft Windows Registry), or contain executable code with specific bytes (e.g., identified by a CRC, a cryptographic hash, or another signature algorithm). [0002] Signature-based ...
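As an added illustration of the collect, compare, build-signature and mitigate flow from the overview ([0013]) and of the distinguishing characteristics (file name, registry values, hash of the code bytes) listed in [0001]. This is example code written for this page, not Microsoft's implementation; the family table, the client report, the hash and the paths are constructed, and the similarity measure (mean Jaccard over three indicator sets) is an assumption.

```python
from dataclasses import dataclass

# Constructed sample (not from the patent): one threat report collected on a
# client after a trigger event, plus the back-end's table of known families.
@dataclass(frozen=True)
class ThreatReport:
    client_id: str
    trigger: str          # event that started collection, e.g. a web access attempt
    urls: frozenset       # URLs visited by the suspect process
    files: frozenset      # files accessed or written
    registry: frozenset   # registry values written
    file_hash: str        # hash of the executable's bytes

KNOWN_FAMILIES = {
    "FamilyA": {"urls": {"bad.example/dl"}, "files": {"C:\\Temp\\a.exe"},
                "registry": {"HKCU\\Software\\Run\\svc"}},
    "FamilyB": {"urls": {"other.example/c2"}, "files": {"C:\\Temp\\b.dll"},
                "registry": {"HKLM\\System\\Services\\bsvc"}},
}

def jaccard(a, b):
    """Set similarity in [0, 1]; two empty sets count as identical."""
    a, b = set(a), set(b)
    return 1.0 if not a and not b else len(a & b) / len(a | b)

def classify(report, families=KNOWN_FAMILIES, threshold=0.5):
    """Back-end step: score the report against each known family and return
    (family_name, score); 'unknown' when nothing is similar enough."""
    best, best_score = "unknown", 0.0
    for name, traits in families.items():
        score = sum(jaccard(getattr(report, k), traits[k])
                    for k in ("urls", "files", "registry")) / 3
        if score > best_score:
            best, best_score = name, score
    return (best, best_score) if best_score >= threshold else ("unknown", best_score)

def build_signature(report, family):
    """Distinguishing characteristics a client can match on (hash, files, registry)."""
    return {"family": family, "hash": report.file_hash,
            "files": sorted(report.files), "registry": sorted(report.registry)}

def build_mitigation(signature):
    """Neutralisation steps derived from the signature, in the order a client runs them."""
    steps = [("delete_file", f) for f in signature["files"]]
    steps += [("remove_registry_value", r) for r in signature["registry"]]
    steps.append(("block_hash", signature["hash"]))
    return steps

SAMPLE = ThreatReport("client-01", "web_access", frozenset({"bad.example/dl"}),
                      frozenset({"C:\\Temp\\a.exe", "C:\\Temp\\x.tmp"}),
                      frozenset({"HKCU\\Software\\Run\\svc"}), "constructed-hash-0001")
```

Running `build_mitigation(build_signature(SAMPLE, classify(SAMPLE)[0]))` yields the per-client removal steps the overview describes being sent back to clients.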


Application Information

IPC(8): G06F15/16, G06F21/00
CPC: G06F21/552, G06F21/568
Inventors: A·波利亚科夫, M·圣菲尔德, J·J·莫迪, N·孙, T·李, C·褚
Owner MICROSOFT TECH LICENSING LLC