CN101350053A - 防止网页浏览器被漏洞利用的方法和装置 - Google Patents
防止网页浏览器被漏洞利用的方法和装置 Download PDFInfo
- Publication number
- CN101350053A CN101350053A CNA2007101624430A CN200710162443A CN101350053A CN 101350053 A CN101350053 A CN 101350053A CN A2007101624430 A CNA2007101624430 A CN A2007101624430A CN 200710162443 A CN200710162443 A CN 200710162443A CN 101350053 A CN101350053 A CN 101350053A
- Authority
- CN
- China
- Prior art keywords
- file
- browser
- module
- browser process
- leak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (16)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101624430A CN101350053A (zh) | 2007-10-15 | 2007-10-15 | 防止网页浏览器被漏洞利用的方法和装置 |
JP2010529220A JP2011501280A (ja) | 2007-10-15 | 2008-10-15 | ウェブブラウザの脆弱性が利用されることを防止する方法及び装置 |
US12/738,037 US20100306851A1 (en) | 2007-10-15 | 2008-10-15 | Method and apparatus for preventing a vulnerability of a web browser from being exploited |
PCT/CN2008/072699 WO2009049556A1 (fr) | 2007-10-15 | 2008-10-15 | Procédé et dispositif permettant d'empêcher l'utilisation de la faille de sécurité d'un navigateur |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101624430A CN101350053A (zh) | 2007-10-15 | 2007-10-15 | 防止网页浏览器被漏洞利用的方法和装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101350053A true CN101350053A (zh) | 2009-01-21 |
Family
ID=40268840
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007101624430A Pending CN101350053A (zh) | 2007-10-15 | 2007-10-15 | 防止网页浏览器被漏洞利用的方法和装置 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20100306851A1 (zh) |
JP (1) | JP2011501280A (zh) |
CN (1) | CN101350053A (zh) |
WO (1) | WO2009049556A1 (zh) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101820419A (zh) * | 2010-03-23 | 2010-09-01 | 北京大学 | 一种挂马网页中网页木马挂接点自动定位方法 |
CN102254112A (zh) * | 2011-06-13 | 2011-11-23 | 上海置水软件技术有限公司 | 一种安全浏览网页的方法 |
CN102332071A (zh) * | 2011-09-30 | 2012-01-25 | 奇智软件(北京)有限公司 | 发现疑似恶意信息、追踪恶意文件的方法及装置 |
CN102902919A (zh) * | 2012-08-30 | 2013-01-30 | 北京奇虎科技有限公司 | 一种可疑操作的识别处理方法、装置和系统 |
CN102916937A (zh) * | 2012-09-11 | 2013-02-06 | 北京奇虎科技有限公司 | 一种拦截网页攻击的方法、装置和客户端设备 |
CN102984134A (zh) * | 2012-11-12 | 2013-03-20 | 北京奇虎科技有限公司 | 安全防御系统 |
CN103617395A (zh) * | 2013-12-06 | 2014-03-05 | 北京奇虎科技有限公司 | 一种基于云安全拦截广告程序的方法、装置和系统 |
CN105574410A (zh) * | 2015-12-15 | 2016-05-11 | 北京金山安全软件有限公司 | 一种应用程序的安全检测方法及装置 |
CN106998335A (zh) * | 2017-06-13 | 2017-08-01 | 深信服科技股份有限公司 | 一种漏洞检测方法、网关设备、浏览器及系统 |
CN108768934A (zh) * | 2018-04-11 | 2018-11-06 | 北京立思辰新技术有限公司 | 恶意程序发布检测方法、装置以及介质 |
CN109284604A (zh) * | 2018-09-10 | 2019-01-29 | 中国联合网络通信集团有限公司 | 一种基于虚拟机的软件行为分析方法和系统 |
CN112800337A (zh) * | 2021-02-08 | 2021-05-14 | 联想(北京)有限公司 | 一种信息处理方法、装置、电子设备和计算机存储介质 |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB0513375D0 (en) | 2005-06-30 | 2005-08-03 | Retento Ltd | Computer security |
CN101350052B (zh) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | 发现计算机程序的恶意行为的方法和装置 |
CN101350054B (zh) | 2007-10-15 | 2011-05-25 | 北京瑞星信息技术有限公司 | 计算机有害程序自动防护方法及装置 |
US8863282B2 (en) * | 2009-10-15 | 2014-10-14 | Mcafee Inc. | Detecting and responding to malware using link files |
US8407790B2 (en) * | 2010-02-09 | 2013-03-26 | Webroot, Inc. | Low-latency detection of scripting-language-based exploits |
TWI435235B (zh) * | 2010-11-04 | 2014-04-21 | Inst Information Industry | 電腦蠕蟲治療系統以及方法以及儲存電腦蠕蟲治療方法之電腦可讀取記錄媒體 |
US10574630B2 (en) | 2011-02-15 | 2020-02-25 | Webroot Inc. | Methods and apparatus for malware threat research |
US8949803B2 (en) * | 2011-02-28 | 2015-02-03 | International Business Machines Corporation | Limiting execution of software programs |
US9652616B1 (en) * | 2011-03-14 | 2017-05-16 | Symantec Corporation | Techniques for classifying non-process threats |
CN102904874B (zh) * | 2012-08-23 | 2015-08-05 | 珠海市君天电子科技有限公司 | 一种跨服务器进行数据有效性校验的方法 |
WO2014143029A1 (en) * | 2013-03-15 | 2014-09-18 | Mcafee, Inc. | Generic privilege escalation prevention |
US20150113644A1 (en) * | 2013-10-21 | 2015-04-23 | Trusteer, Ltd. | Exploit Detection/Prevention |
US9697361B2 (en) * | 2015-07-06 | 2017-07-04 | AO Kaspersky Lab | System and method of controlling opening of files by vulnerable applications |
US10691808B2 (en) * | 2015-12-10 | 2020-06-23 | Sap Se | Vulnerability analysis of software components |
US10075456B1 (en) * | 2016-03-04 | 2018-09-11 | Symantec Corporation | Systems and methods for detecting exploit-kit landing pages |
US11741196B2 (en) | 2018-11-15 | 2023-08-29 | The Research Foundation For The State University Of New York | Detecting and preventing exploits of software vulnerability using instruction tags |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060075494A1 (en) * | 2004-10-01 | 2006-04-06 | Bertman Justin R | Method and system for analyzing data for potential malware |
US20070113078A1 (en) * | 2005-11-11 | 2007-05-17 | Witt Russell A | System and method for encrypting data without regard to application |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1282083C (zh) * | 2001-09-14 | 2006-10-25 | 北京瑞星科技股份有限公司 | 计算机内存病毒监控和带毒运行方法 |
US20040225877A1 (en) * | 2003-05-09 | 2004-11-11 | Zezhen Huang | Method and system for protecting computer system from malicious software operation |
US8332943B2 (en) * | 2004-02-17 | 2012-12-11 | Microsoft Corporation | Tiered object-related trust decisions |
US7409719B2 (en) * | 2004-12-21 | 2008-08-05 | Microsoft Corporation | Computer security management, such as in a virtual machine or hardened operating system |
CN100401224C (zh) * | 2005-06-23 | 2008-07-09 | 福建东方微点信息安全有限责任公司 | 计算机反病毒防护系统和方法 |
JP4733509B2 (ja) * | 2005-11-28 | 2011-07-27 | 株式会社野村総合研究所 | 情報処理装置、情報処理方法およびプログラム |
-
2007
- 2007-10-15 CN CNA2007101624430A patent/CN101350053A/zh active Pending
-
2008
- 2008-10-15 WO PCT/CN2008/072699 patent/WO2009049556A1/zh active Application Filing
- 2008-10-15 JP JP2010529220A patent/JP2011501280A/ja not_active Ceased
- 2008-10-15 US US12/738,037 patent/US20100306851A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060075494A1 (en) * | 2004-10-01 | 2006-04-06 | Bertman Justin R | Method and system for analyzing data for potential malware |
US20070113078A1 (en) * | 2005-11-11 | 2007-05-17 | Witt Russell A | System and method for encrypting data without regard to application |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101820419B (zh) * | 2010-03-23 | 2012-12-26 | 北京大学 | 一种挂马网页中网页木马挂接点自动定位方法 |
CN101820419A (zh) * | 2010-03-23 | 2010-09-01 | 北京大学 | 一种挂马网页中网页木马挂接点自动定位方法 |
CN102254112A (zh) * | 2011-06-13 | 2011-11-23 | 上海置水软件技术有限公司 | 一种安全浏览网页的方法 |
CN102332071B (zh) * | 2011-09-30 | 2014-07-30 | 奇智软件(北京)有限公司 | 发现疑似恶意信息、追踪恶意文件的方法及装置 |
CN102332071A (zh) * | 2011-09-30 | 2012-01-25 | 奇智软件(北京)有限公司 | 发现疑似恶意信息、追踪恶意文件的方法及装置 |
CN102902919A (zh) * | 2012-08-30 | 2013-01-30 | 北京奇虎科技有限公司 | 一种可疑操作的识别处理方法、装置和系统 |
CN102902919B (zh) * | 2012-08-30 | 2015-11-25 | 北京奇虎科技有限公司 | 一种可疑操作的识别处理方法、装置和系统 |
CN102916937B (zh) * | 2012-09-11 | 2015-11-25 | 北京奇虎科技有限公司 | 一种拦截网页攻击的方法、装置和客户端设备 |
CN102916937A (zh) * | 2012-09-11 | 2013-02-06 | 北京奇虎科技有限公司 | 一种拦截网页攻击的方法、装置和客户端设备 |
CN102984134B (zh) * | 2012-11-12 | 2015-11-25 | 北京奇虎科技有限公司 | 安全防御系统 |
CN102984134A (zh) * | 2012-11-12 | 2013-03-20 | 北京奇虎科技有限公司 | 安全防御系统 |
CN103617395B (zh) * | 2013-12-06 | 2017-01-18 | 北京奇虎科技有限公司 | 一种基于云安全拦截广告程序的方法、装置和系统 |
WO2015081900A1 (zh) * | 2013-12-06 | 2015-06-11 | 北京奇虎科技有限公司 | 基于云安全拦截广告程序的方法、装置和系统 |
CN103617395A (zh) * | 2013-12-06 | 2014-03-05 | 北京奇虎科技有限公司 | 一种基于云安全拦截广告程序的方法、装置和系统 |
CN105574410A (zh) * | 2015-12-15 | 2016-05-11 | 北京金山安全软件有限公司 | 一种应用程序的安全检测方法及装置 |
CN105574410B (zh) * | 2015-12-15 | 2018-07-31 | 北京金山安全软件有限公司 | 一种应用程序的安全检测方法及装置 |
CN106998335A (zh) * | 2017-06-13 | 2017-08-01 | 深信服科技股份有限公司 | 一种漏洞检测方法、网关设备、浏览器及系统 |
CN106998335B (zh) * | 2017-06-13 | 2020-09-18 | 深信服科技股份有限公司 | 一种漏洞检测方法、网关设备、浏览器及系统 |
CN108768934A (zh) * | 2018-04-11 | 2018-11-06 | 北京立思辰新技术有限公司 | 恶意程序发布检测方法、装置以及介质 |
CN108768934B (zh) * | 2018-04-11 | 2021-09-07 | 北京立思辰新技术有限公司 | 恶意程序发布检测方法、装置以及介质 |
CN109284604A (zh) * | 2018-09-10 | 2019-01-29 | 中国联合网络通信集团有限公司 | 一种基于虚拟机的软件行为分析方法和系统 |
CN112800337A (zh) * | 2021-02-08 | 2021-05-14 | 联想(北京)有限公司 | 一种信息处理方法、装置、电子设备和计算机存储介质 |
Also Published As
Publication number | Publication date |
---|---|
JP2011501280A (ja) | 2011-01-06 |
US20100306851A1 (en) | 2010-12-02 |
WO2009049556A1 (fr) | 2009-04-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101350053A (zh) | 防止网页浏览器被漏洞利用的方法和装置 | |
US10599841B2 (en) | System and method for reverse command shell detection | |
CN109033828B (zh) | 一种基于计算机内存分析技术的木马检测方法 | |
CN112769821B (zh) | 一种基于威胁情报和att&ck的威胁响应方法及装置 | |
Wang et al. | Detecting stealth software with strider ghostbuster | |
Kirda et al. | Noxes: a client-side solution for mitigating cross-site scripting attacks | |
US9596255B2 (en) | Honey monkey network exploration | |
EP2659416B1 (en) | Systems and methods for malware detection and scanning | |
Kirda et al. | Behavior-based Spyware Detection. | |
KR101514984B1 (ko) | 홈페이지 악성코드 유포 탐지 시스템 및 방법 | |
CN101826139B (zh) | 一种非可执行文件挂马检测方法及其装置 | |
US8973136B2 (en) | System and method for protecting computer systems from malware attacks | |
US8595840B1 (en) | Detection of computer network data streams from a malware and its variants | |
US20130061323A1 (en) | System and method for protecting against malware utilizing key loggers | |
US20100037317A1 (en) | Mehtod and system for security monitoring of the interface between a browser and an external browser module | |
WO2009049555A1 (fr) | Procédé et appareil pour détecter le comportement malveillant d'un programme informatique | |
US20090165136A1 (en) | Detection of Window Replacement by a Malicious Software Program | |
US8230499B1 (en) | Detecting and blocking unauthorized downloads | |
KR101223594B1 (ko) | Lkm 루트킷 검출을 통한 실시간 운영정보 백업 방법 및 그 기록매체 | |
Gittins et al. | Malware persistence mechanisms | |
Shan et al. | Enforcing mandatory access control in commodity OS to disable malware | |
US7620983B1 (en) | Behavior profiling | |
US8141153B1 (en) | Method and apparatus for detecting executable software in an alternate data stream | |
Afonso et al. | A hybrid framework to analyze web and os malware | |
Venkatraman | Autonomic context-dependent architecture for malware detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1124413 Country of ref document: HK |
|
ASS | Succession or assignment of patent right |
Owner name: BEIJING RISING INTERNATIONAL TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: BEIJING RISING INTERNATIONAL SOFTWARE CO., LTD. Effective date: 20100413 |
|
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100080 ROOM 1305, ZHONGKE BUILDING, NO.22, ZHONGGUANCUN AVENUE, BEIJING CITY TO: 100190 ROOM 1301, ZHONGKE BUILDING, NO.22, ZHONGGUANCUN AVENUE, HAIDIAN DISTRICT, BEIJING CITY |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20100413 Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Applicant after: Beijing Rising Information Technology Co., Ltd. Address before: 100080, room 1305, Zhongke building, 22 Zhongguancun street, Beijing Applicant before: Beijing Rising International Software Co., Ltd. |
|
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20090121 |
|
REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1124413 Country of ref document: HK |