Detecting Fake AV Scans

IP.com Disclosure Number: IPCOM000201331D
Publication Date: 2010-Nov-11
Document File: 4 page(s) / 40K

Publishing Venue

The IP.com Prior Art Database

Abstract

This invention detects Misleading Applications/Fake AntiVirus threats by verifying if the scan UI is backed up by actual scan functionality.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 54% of the total text.

Adam Glick

Symantec Corporation

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. For a full list of Symantec trademarks, please visit http://www.symantec.com/about/profile/policies/trademarks/currentlist.jsp

Any Symantec products described in this document are distributed under licenses restricting their use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation

350 Ellis Street

Mountain View, CA 94043

United States

http://www.symantec.com

Problem Statement

Misleading applications are the most common cause of complaints and a very common cause of enterprise escalations. It is particularly important for Symantec to perform well against them because they attack the very trust that is the root of our customer relationships.

Invention Description

A common trait of misleading applications/FakeAV is to display a fake scan dialog, either in HTML or using a Win32 UI, with the intent of convincing the user that a legitimate scan is occurring and nonexistent threats are present. This invention identifies such misleading activities very early, often before any malicious code is downloaded.
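The check described above, sketched as an added example (not code from the disclosure or from Symantec): score a page's HTML for scan-like UI, then compare that against how many file reads the host actually observed. The phrase list, the thresholds and the `files_opened` telemetry input are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed indicator phrases (not from the disclosure), matched on visible text.
SCAN_PHRASES = [r"\bscanning\b", r"\bthreats?\s+(found|detected)\b",
                r"\binfected\b", r"\bremove\s+(all|threats)\b",
                r"[a-z]:\\(windows|program files)"]

class ScanUIParser(HTMLParser):
    """Collects visible text and counts progress/scan-styled elements."""
    def __init__(self):
        super().__init__()
        self.text, self.widgets, self._skip = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        a = dict(attrs)
        ident = f"{a.get('id') or ''} {a.get('class') or ''}".lower()
        if tag == "progress" or "progress" in ident or "scan" in ident:
            self.widgets += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:          # ignore script/style bodies
            self.text.append(data)

def scan_ui_score(html):
    """One point per distinct scan phrase, plus one if a scan widget exists."""
    p = ScanUIParser()
    p.feed(html)
    text = " ".join(p.text).lower()
    hits = sum(1 for pat in SCAN_PHRASES if re.search(pat, text))
    return hits + (1 if p.widgets else 0)

def classify(html, files_opened, ui_threshold=3, min_files=50):
    """files_opened: assumed host telemetry, file reads seen while the UI ran."""
    if scan_ui_score(html) < ui_threshold:
        return "no-scan-ui"
    return "backed-scan" if files_opened >= min_files else "fake-scan"

# Constructed sample pages, not taken from any real site.
SAMPLE_FAKE = """<div id="scan-window"><div class="progressbar"></div>
<p>Scanning C:\\Windows\\system32 ...</p>
<p>14 threats found. Your computer is infected!</p><a href="#">Remove all</a></div>"""
SAMPLE_BENIGN = "<p>Our guide to scanning documents with a flatbed scanner.</p>"
```

A page that merely mentions scanning stays below the UI threshold, so the file-read comparison only runs when the page actually presents itself as a scan in progress.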

A number of components are required to make this work:

  1. A component that examines HTML for UI that lo...