Patent References
Method and apparatus for detection of computer viruses
Automatic immune system for computers and computer networks
Methods and apparatus for evaluating and extracting signatures of computer viruses and other undesirable software entities
Automatic analysis of a computer virus structure and means of attachment to its hosts
Discrimination of malicious changes to digital information using multiple signatures
Generic disinfection of programs infected with a computer virus
Polymorphic virus detection module
Computer virus trap
System, apparatus and method for the detection and removal of viruses in macros
Detection and elimination of macro viruses

Inventors

Application
No. 041493 filed on 03/12/1998

US Classes
714/38, Of computer software
714/26, Artificial intelligence (e.g., diagnostic expert system)
717/127, Monitoring program execution

Examiners
Primary: Beausoliel, Robert W. Jr.
Assistant: Weir, James G.

Attorney, Agent or Firm

International Classes
G06F 011/00
G06F 013/00

Abstract
Disclosed is a system and method for automatically generating at least one instance of a computer macro virus that is native to or associated with an application. The method includes steps of (a) providing a suspect virus sample; and (b) replicating the suspect virus sample onto at least one goat file, using at least one of simulated user input or interprocess communication commands for exercising the goat file through the application, to generate an infected goat file. A further step can be executed of (c) replicating the infected goat file onto at least one further goat file, using at least one of simulated user input, such as keystrokes, mouse clicks and the like, or interprocess communication commands, to generate an additional instance of an infected goat file.
The step of providing includes a step of determining attributes of the suspect virus sample, and the steps of exercising employ simulated user input or interprocess communication commands that are selected based at least in part on the determined attributes. As a parallel process the steps of exercising include steps of detecting an occurrence of a window, such as a pop-up window that is opened by one of the application or the macro virus; and using at least one of simulated user input or interprocess communication command(s) for closing the opened window. In this manner the replication process is not halted by a window that requires input from a user.

Other References

Field of Search
Substituted emulative component (e.g., emulator microprocessor)
Artificial intelligence (e.g., diagnostic expert system)
Derived from analysis (e.g., of a specification or by stimulation)
For reliability enhancing component (e.g., testing backup spare, or fault injection)
Software program (i.e., performance prediction)