WO2009117445A3 - Method and system for protection against information stealing software - Google Patents


Publication number
WO2009117445A3
Authority
WO
WIPO (PCT)
Prior art keywords
bait
electronic device
information
software
output
Application number
PCT/US2009/037435
Other languages
French (fr)
Other versions
WO2009117445A2 (en)
Inventor
Lidror Troyansky
Sharon Bruckner
Daniel Lyle Hubbard
Original Assignee
Websense, Inc.
Priority claimed from US12/051,579 external-priority patent/US9015842B2/en
Priority claimed from US12/051,670 external-priority patent/US8407784B2/en
Priority claimed from US12/051,616 external-priority patent/US9130986B2/en
Application filed by Websense, Inc. filed Critical Websense, Inc.
Priority to AU2009225671A priority Critical patent/AU2009225671A1/en
Priority to CA2718594A priority patent/CA2718594A1/en
Priority to EP09721776A priority patent/EP2272024A2/en
Priority to CN2009801094588A priority patent/CN101978376A/en
Publication of WO2009117445A2 publication Critical patent/WO2009117445A2/en
Publication of WO2009117445A3 publication Critical patent/WO2009117445A3/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A system and method for identifying infection of an electronic device by unwanted software is disclosed. A software agent configured to generate a bait is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information, or it may just contain artificial sensitive information. Parameters may be inserted into the bait, such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts to transmit the bait. The output is analyzed by correlating it with the bait, which can be done by comparing information about the bait with the traffic over a computer network in order to determine the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine whether the electronic device that transmitted the bait contains unwanted software.
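
The correlation step described in the abstract, as an added example that is not taken from the patent or from any Websense product: each bait carries a tag derived from the device it is planted on, the issued baits are kept in a database, and captured outbound payloads are matched against it, including URL-encoded and base64-encoded copies. The token format, the HMAC derivation, the key, the device names and the addresses are all assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re
from urllib.parse import unquote_plus

AGENT_KEY = b"constructed-demo-key"  # constructed; protect a real key
BAIT_RE = re.compile(r"bait-[0-9a-f]{8}-[0-9a-f]{16}")

def make_bait(device_id, serial):
    """Artificial login whose password encodes the device it is planted on."""
    dev_tag = hashlib.sha256(device_id.encode()).hexdigest()[:8]
    mac = hmac.new(AGENT_KEY, f"{dev_tag}:{serial}".encode(), hashlib.sha256)
    return {"device_id": device_id, "username": f"user{serial}@example.test",
            "password": f"bait-{dev_tag}-{mac.hexdigest()[:16]}"}

def views(payload):
    """Yield the payload as sent, URL-decoded, and with base64 runs decoded."""
    text = payload.decode("latin-1")
    yield text
    yield unquote_plus(text)
    for chunk in re.findall(r"[A-Za-z0-9+/]{24,}={0,2}", text):
        try:
            yield base64.b64decode(chunk, validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            continue

def correlate(outbound, bait_db):
    """Return sorted (device_id, destination) pairs for issued baits seen in output."""
    hits = set()
    for dest, payload in outbound:
        for view in views(payload):
            for m in BAIT_RE.finditer(view):
                rec = bait_db.get(m.group(0))  # ignore bait-shaped strings never issued
                if rec:
                    hits.add((rec["device_id"], dest))
    return sorted(hits)

# Constructed sample: two devices, four captured outbound payloads.
BAITS = [make_bait("laptop-17", 1), make_bait("kiosk-04", 1)]
BAIT_DB = {b["password"]: b for b in BAITS}
OUTBOUND = [
    ("203.0.113.9:80", b"u=x&p=" + BAITS[0]["password"].replace("-", "%2D").encode()),
    ("198.51.100.7:443", b"blob=" + base64.b64encode(b"pw=" + BAITS[1]["password"].encode())),
    ("192.0.2.5:80", b"GET /index.html HTTP/1.1\r\n\r\n"),
    ("192.0.2.6:80", b"p=bait-deadbeef-0123456789abcdef"),  # bait-shaped, not issued
]
print(correlate(OUTBOUND, BAIT_DB))
```

A hit names both the device that leaked the bait and the destination that received it; a payload encrypted before it leaves the device would not match and needs a different correlation signal.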
PCT/US2009/037435 2008-03-19 2009-03-17 Method and system for protection against information stealing software WO2009117445A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
AU2009225671A AU2009225671A1 (en) 2008-03-19 2009-03-17 Method and system for protection against information stealing software
CA2718594A CA2718594A1 (en) 2008-03-19 2009-03-17 Method and system for protection against information stealing software
EP09721776A EP2272024A2 (en) 2008-03-19 2009-03-17 Method and system for protection against information stealing software
CN2009801094588A CN101978376A (en) 2008-03-19 2009-03-17 Method and system for protection against information stealing software

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US12/051,670 2008-03-19
US12/051,579 US9015842B2 (en) 2008-03-19 2008-03-19 Method and system for protection against information stealing software
US12/051,616 2008-03-19
US12/051,670 US8407784B2 (en) 2008-03-19 2008-03-19 Method and system for protection against information stealing software
US12/051,616 US9130986B2 (en) 2008-03-19 2008-03-19 Method and system for protection against information stealing software
US12/051,579 2008-03-19

Publications (2)

Publication Number Publication Date
WO2009117445A2 WO2009117445A2 (en) 2009-09-24
WO2009117445A3 WO2009117445A3 (en) 2009-11-12

Family

ID=40736626

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/037435 WO2009117445A2 (en) 2008-03-19 2009-03-17 Method and system for protection against information stealing software

Country Status (5)

Country Link
EP (1) EP2272024A2 (en)
CN (1) CN101978376A (en)
AU (1) AU2009225671A1 (en)
CA (1) CA2718594A1 (en)
WO (1) WO2009117445A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105512020A (en) * 2014-09-24 2016-04-20 阿里巴巴集团控股有限公司 Method and device for test

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012057737A1 (en) * 2010-10-26 2012-05-03 Hewlett-Packard Development Company, L. P. Methods and systems for detecting suspected data leakage using traffic samples
CN103607392A (en) * 2010-12-14 2014-02-26 华为数字技术(成都)有限公司 Method and device used for preventing fishing attack
CN102098285B (en) * 2010-12-14 2013-12-04 华为数字技术(成都)有限公司 Method and device for preventing phishing attacks
JP5624938B2 (en) * 2011-05-13 2014-11-12 日立オムロンターミナルソリューションズ株式会社 Automatic transaction apparatus and automatic transaction system
CN102801688B (en) * 2011-05-23 2015-11-25 联想(北京)有限公司 The terminal of a kind of method of data access, device and supported data access
CN103294950B (en) * 2012-11-29 2016-07-06 北京安天电子设备有限公司 A kind of high-power secret information stealing malicious code detecting method based on backward tracing and system
CN103177204B (en) * 2013-03-29 2016-09-28 北京奇虎科技有限公司 Password information tip method and device
MY184389A (en) * 2013-05-17 2021-04-01 Mimos Berhad Method and system for detecting keylogger
US9357397B2 (en) * 2014-07-23 2016-05-31 Qualcomm Incorporated Methods and systems for detecting malware and attacks that target behavioral security mechanisms of a mobile device
CN105447385B (en) * 2014-12-08 2018-04-24 哈尔滨安天科技股份有限公司 A kind of applied database honey jar detected at many levels realizes system and method
CN105141610A (en) * 2015-08-28 2015-12-09 百度在线网络技术(北京)有限公司 Phishing page detection method and system
CN106549960A (en) * 2016-10-27 2017-03-29 北京安天电子设备有限公司 A kind of method and system based on network monitoring pursuit attack person
CN108256323A (en) * 2016-12-29 2018-07-06 武汉安天信息技术有限责任公司 A kind of detection method and device for phishing application
CN108830089B (en) * 2018-05-16 2022-04-08 哈尔滨工业大学 Active protection system for electromagnetic radiation information leakage in high-frequency data transmission

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060282890A1 (en) * 2005-06-13 2006-12-14 Shimon Gruper Method and system for detecting blocking and removing spyware
US20070169191A1 (en) * 2006-01-18 2007-07-19 Greene Michael P Method and system for detecting a keylogger that encrypts data captured on a computer
WO2009032379A1 (en) * 2007-06-12 2009-03-12 The Trustees Of Columbia University In The City Of New York Methods and systems for providing trap-based defenses

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1147795C (en) * 2001-04-29 2004-04-28 北京瑞星科技股份有限公司 Method, system and medium for detecting and clearing known and anknown computer virus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060282890A1 (en) * 2005-06-13 2006-12-14 Shimon Gruper Method and system for detecting blocking and removing spyware
US20070169191A1 (en) * 2006-01-18 2007-07-19 Greene Michael P Method and system for detecting a keylogger that encrypts data captured on a computer
WO2007106609A2 (en) * 2006-01-18 2007-09-20 Webroot Software, Inc. Method and system for detecting a keylogger on a computer
WO2009032379A1 (en) * 2007-06-12 2009-03-12 The Trustees Of Columbia University In The City Of New York Methods and systems for providing trap-based defenses

Also Published As

Publication number Publication date
CN101978376A (en) 2011-02-16
WO2009117445A2 (en) 2009-09-24
CA2718594A1 (en) 2009-09-24
EP2272024A2 (en) 2011-01-12
AU2009225671A1 (en) 2009-09-24

Similar Documents

Publication Publication Date Title
WO2009117445A3 (en) Method and system for protection against information stealing software
WO2011162848A3 (en) System and method for providing impact modeling and prediction of attacks on cyber targets
WO2008042871A3 (en) Methods and apparatus for securely signing on to a website via a security website
WO2009117446A3 (en) System and method for analysis of electronic information dissemination events
WO2014055241A3 (en) Secure identification of computing device and secure identification methods
WO2008127431A3 (en) Systems and methods for identification and authentication of a user
EP1806674A3 (en) Method and apparatus for protection domain based security
WO2007140326A3 (en) Methods and apparatus for sampling usage information from a pool of terminals in a data network
WO2006074294A3 (en) Methods and apparatus providing security to computer systems and networks
WO2008017015A3 (en) Systems and methods for policy based triggering of client- authentication at directory level granularity
WO2008091947A3 (en) System and method for detection and analysis of speech
WO2005101185A3 (en) Authenticating a web site with user-provided indicators
WO2008069945A3 (en) System and method of analyzing web addresses
WO2007094942A3 (en) Dynamic threat event management system and method
WO2008091785A3 (en) System and method for determining data entropy to identify malware
WO2012012438A8 (en) Systems and methods for providing a smart group for access control
WO2013003493A3 (en) System and method for protocol fingerprinting and reputation correlation
WO2009093145A3 (en) System and method of monitoring computer usage
WO2012092517A8 (en) Identity verification systems and methods
ATE540519T1 (en) METHOD AND APPARATUS FOR SHARING COMMON-INTEREST CONNECTIONS BETWEEN COMMUNICATION DEVICES
WO2018064097A3 (en) System, apparatus and method for platform protection against cold boot attacks
WO2009008077A1 (en) User authentication judging device, user authentication judging system, user authentication judging program and user authentication judging method
WO2006104581A3 (en) Gaming device network managing system and method
EP2605175A3 (en) Method and apparatus for checking field replaceable unit, and communication device
WO2012057632A3 (en) Secure computer system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 200980109458.8; Country of ref document: CN
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 09721776; Country of ref document: EP; Kind code of ref document: A2
WWE Wipo information: entry into national phase. Ref document number: 2718594; Country of ref document: CA
WWE Wipo information: entry into national phase. Ref document number: 2009225671; Country of ref document: AU
NENP Non-entry into the national phase. Ref country code: DE
WWE Wipo information: entry into national phase. Ref document number: 6691/DELNP/2010; Country of ref document: IN
ENP Entry into the national phase. Ref document number: 2009225671; Country of ref document: AU; Date of ref document: 20090317; Kind code of ref document: A
WWE Wipo information: entry into national phase. Ref document number: 2009721776; Country of ref document: EP