TRUSTEER LTD. Patent applications |
Patent application number | Title | Published |
20150235026 | MALWARE DROPPER DISCOVERY METHOD AND SYSTEM - A process for finding potentially harmful malware dropper on an infected computer system includes the steps of a) identifying an executable file that is about to run, and b) providing a storage agent that stores a copy of said executable file for a later inspection. | 08-20-2015 |
20150178374 | METHOD AND SYSTEM OF PROVIDING USER PROFILE DETECTION FROM AN INPUT DEVICE - The present disclosure relates to a method of providing user categorization from computer pointer interaction, comprising the steps of: creating a plurality of different pointer data profiles based on initial user sessions and storing said created pointer data profiles in the form of pointer data profile entries in a pointer data profile database, wherein said pointer data profile is obtained from collected user activity data generated by a pointing device; and categorizing each user using the stored pointer data profiles at an onset of subsequent user sessions. | 06-25-2015 |
20150128206 | Early Filtering of Events Using a Kernel-Based Filter - A method for providing early filtering of events using a kernel-based filter, comprising the steps of: a) providing a driver for the kernel level that acts as a kernel filtering process, wherein said driver is configured to match events that occur at the kernel level according to predefined rules; and b) upon finding a match, acting according to the definition of the matched rule in order to allow the event, disallow said event or forward the content of said event for further processing. | 05-07-2015 |
20150113644 | Exploit Detection/Prevention - An Agent for detecting and/or preventing an Exploit attack, comprises: a) means for monitoring the operation of one or more process elements in a computer system; b) means for determining whether said one or more process elements has initiated, or is about to initiate a “create process” operation; and c) means for performing preventive activities as a result of the determination. | 04-23-2015 |
20140289851 | Malware Discovery Method and System - A process for identifying potentially harmful malware, comprises the steps of: a) identifying an executable that is about to run; b) providing a monitoring agent that monitors all threads that are descendent of a thread initiated by the process of said executable; and c) configuring said monitoring agent to conclude that a high probability of malware presence exists, if one of said descendent threads reaches a target process in which suspicious patches are created. | 09-25-2014 |
20140130152 | DEFENSE AGAINST DNS DOS ATTACK - A method for defending a computer system comprising a DNS server against a DoS or a DDoS attack directed at said DNS server comprises replacing the address of said system provided by a user to a client software with an alternative address, wherein said address is replaced by a software agent associated with said user, such that said client software is capable of connecting with said system. | 05-08-2014 |
20140114843 | METHOD FOR DETECTING FRAUDULENT MONEY TRANSFER - A method detects fraudulent transaction of money transfer to a mule account, according to which a detection software module is injected into a browser or a website to be protected. The detection module traces the content and the activities performed on a webpage of the website and detects any exceptional activity/condition which may be fraudulent online activity performed by malware and waits until all sensitive data to perform a fraud transaction is entered. Then the detection module stores and/or forwards the details of the mule account that has been used for the fraudulent transaction. | 04-24-2014 |
20140053267 | METHOD FOR IDENTIFYING MALICIOUS EXECUTABLES - In a computer system, a method detects a suspected malware behavior. Activities on a computer system conducted within a given time frame are monitored during the installation of a suspected file. The monitored activities are recorded and the monitored/recorded activities are compared with patterns of malware behavior, stored in a database. Upon detecting a suspicious program, the recorded monitored activities are provided for further analysis to be performed by appropriate software removal tools. | 02-20-2014 |
20130263264 | DETECTION OF PHISHING ATTEMPTS - A method for alerting a service provider and/or a user of a web browser of a phishing attempt comprises providing on a page that it is desired to protect against phishing, a Javascript that when caused by a phishing page to run not in the context of the original page generates an indication that a phishing attempt may exist. | 10-03-2013 |
20130239214 | METHOD FOR DETECTING AND REMOVING MALWARE - A method for detecting and removing a suspicious software code in a computer system, according to which the installation process of the suspicious software code is monitored by a client agent residing within the computer system where predetermined operations of the suspicious software code are identified and registered during the installation process. The predetermined operations are compared with a known software code in order to define whether the software code is similar to the known software code. It is then determined if the suspicious software code is malware and if it is, the client agent is instructed to uninstall the suspicious software code from the OS, or to remove its entry from the boot registry. | 09-12-2013 |
20130198842 | METHOD FOR DETECTING A MALWARE - System and method for determining, by a security application, whether an examined software code is a malware, according to which the system detects whenever the examined process code performs system calls and further detects a call site. Pieces of code in the surrounding area of the site and/or in branches related to the site are analyzed and the properties of the analyzed pieces of code are compared with a predefined software code patterns, for determining whether the examined process code corresponds to one of the predefined software code patterns. Then the examined process code is classified according to the comparison results. | 08-01-2013 |
20120030762 | FUNCTIONAL PATCHING/HOOKING DETECTION AND PREVENTION - A method for preventing malicious attacks on software, using the patching method, includes providing a database of malicious known patches (malware). The database contains characteristic signatures of the malware. The method also includes detecting whether a patch is malicious by comparing it with a signature in the database and performing one or more activities needed to prevent the malicious patch from performing undesired activities. | 02-02-2012 |
20110239300 | WEB BASED REMOTE MALWARE DETECTION - A method for detecting HTML-modifying malware present in a computer includes providing a server which serves a web page (HTML) to a browser. A determination is made whether a modified string exists in the page received by said browser and if a modifying element is found, determining the malware is present in the computer. | 09-29-2011 |
20100169969 | FUNCTIONAL PATCHING/HOOKING DETECTION AND PREVENTION - A method for preventing malicious attacks on software, using the patching method, includes providing a database of legitimate and known patches, the database contains characteristic code paths of said legitimate patches. The method also includes detecting whether a patch is malicious by inspecting one or more characteristic paths of the patch and matching one or more code paths against the database of legitimate and known patches. An activity needed to prevent the malicious patch from performing undesired activities is then performed. | 07-01-2010 |
20090293102 | REMOTE DOM ACCESS - A method for protecting a browser from malicious processes, comprises providing at least one process-proxy object and at least a browser-proxy object, interposed between the browser and a process, such that when the process invokes one of the DOM entry points, the process-proxy object isolates it from the real browser implementation and executes the process-proxy object's code instead. | 11-26-2009 |
20090064309 | BROWSER PLUG-IN FIREWALL - A browser plug-in firewall manages data exchanged between a browser and a plug-in according to a pre-defined list of rights. | 03-05-2009 |
20090007243 | METHOD FOR RENDERING PASSWORD THEFT INEFFECTIVE - A method for rendering a login theft ineffective includes detecting a submission of a first login request from the user's client to a Web site; redirecting the first login request to the traffic processor for copying at least one of the user supplied login fields; forwarding the first login request from the traffic processor to the site; requesting replacements of at least one of the user supplied login fields from the site; and replacing the at least one of user supplied login fields with at least one new corresponding login field(s) in the site. | 01-01-2009 |
20080222736 | Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks - The present invention relates to a method for preventing an unauthorized activity including a transaction in a web site comprising the steps of: (a) receiving a response containing at least one HTML page, from said site, by the traffic processor; (b) modifying said response by obfuscating said at least one HTML page of said response; (c) storing de-obfuscation information in a transaction table; (d) forwarding the modified response from said traffic processor to the client's browser; (e) redirecting a request from said browser to the traffic processor, by the redirector; (f) checking said request for an unauthorized command; (g) de-obfuscating said request using the stored information in said transaction table; and (h) forwarding the modified request to said site. | 09-11-2008 |
20080222299 | Method for preventing session token theft - The present invention relates to a method for preventing the theft of a session token comprising the steps of: (a) detecting a submission of a first request from the client's browser to a protected site; (b) redirecting said first request to the traffic processor for monitoring said first request; (c) forwarding said first request from said traffic processor to said protected site; (d) receiving the response containing the session token from said protected site by said traffic processor; (e) storing said session token in the session table; (f) providing a token index for indexing said session token stored in said session table; (g) modifying the content of said response by changing said session token to said token index; and (h) forwarding the modified response from said traffic processor to said browser. | 09-11-2008 |