GB2543602B - Mitigation of anti-sandbox malware techniques - Google Patents

Info

Publication number
GB2543602B
Authority
GB
United Kingdom
Prior art keywords
mitigation
sandbox
malware techniques
techniques
sandbox malware
Prior art date
Legal status
Active
Application number
GB1610600.7A
Other versions
GB2543602A (en)
GB201610600D0 (en)
Inventor
Douglas Kraft Chris
Current Assignee
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date
Filing date
Publication date
Priority claimed from US14/929,966 (US9942263B2)
Application filed by Sophos Ltd
Publication of GB201610600D0
Publication of GB2543602A
Application granted
Publication of GB2543602B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/12 Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/14 Arrangements for detecting or preventing errors in the information received by using return channel in which the signals are sent back to the transmitter to be checked; echo systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Bioethics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562243720P 2015-10-20 2015-10-20
US14/929,966 US9942263B2 (en) 2015-10-20 2015-11-02 Mitigation of anti-sandbox malware techniques

Publications (3)

Publication Number Publication Date
GB201610600D0 (en) 2016-08-03
GB2543602A (en) 2017-04-26
GB2543602B (en) 2020-01-08

Family

Family ID: 56895304

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1610600.7A Active GB2543602B (en) 2015-10-20 2016-06-17 Mitigation of anti-sandbox malware techniques

Country Status (1)

Country Link
GB (1) GB2543602B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472415B (en) * 2018-12-13 2021-08-10 成都亚信网络安全产业技术研究院有限公司 Malicious program determination method and device
US11379578B1 (en) * 2020-10-16 2022-07-05 Trend Micro Incorporated Detecting malware by pooled analysis of sample files in a sandbox
CN114553539A (en) * 2022-02-22 2022-05-27 深信服科技股份有限公司 Method and device for defending malicious program and related equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9104870B1 (en) * 2012-09-28 2015-08-11 Palo Alto Networks, Inc. Detecting malware
US9165142B1 (en) * 2013-01-30 2015-10-20 Palo Alto Networks, Inc. Malware family identification using profile signatures
US9355246B1 (en) * 2013-12-05 2016-05-31 Trend Micro Inc. Tuning sandbox behavior based on static characteristics of malware

Also Published As

Publication number Publication date
GB2543602A (en) 2017-04-26
GB201610600D0 (en) 2016-08-03
