Detecting Misleading Applications That Spoof Legitimate UIs

IP.com Disclosure Number: IPCOM000201328D
Publication Date: 2010-Nov-10
Document File: 4 page(s) / 42K

Publishing Venue

The IP.com Prior Art Database

Abstract

This invention is a method that detects misleading applications that spoof security-related UIs from the OS or main UIs from top security vendors.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 53% of the total text.

Anubhav Savant

Symantec Corporation

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. For a full list of Symantec trademarks, please visit http://www.symantec.com/about/profile/policies/trademarks/currentlist.jsp

Any Symantec products described in this document are distributed under licenses restricting their use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

United States

http://www.symantec.com

Problem Statement

Misleading applications, such as false pop-up warnings designed to scare money out of computer users, represent 15 percent of all malware. These misleading applications intentionally misrepresent the security status of a computer and attempt to convince the user that he or she must remove potential malware or security risks (usually nonexistent or fake) from the computer. The misleading application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the “required” software is purchased and installed. Misleading applications often look convincing — the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc. While in the past attackers mass-distributed a relatively small number of threats, today they are generating and distributing millions of randomly generated variants. These variants are released as frequently as every few minutes and are often sent to just a few targeted users at a time before the next set of variants is generated and distributed. The result is that each user is potentially infected by a unique variant of malware. Thus, traditional de...