Method for detecting e.g. IP addresses of bankers, involves detecting malware, identifying suspect modifications made in operating system, and classifying malware detection results obtained in sub-steps, and listing addresses



NOVELTY – The method involves identifying samples of malware (1), where a malware specimen is selected from among portable executable (PE) type programs or similar programs. Dynamic analysis of the malware specimen is performed (2) to capture network traffic. Banker data is obtained in parallel. The malware is detected (3) by a combination of techniques for detecting patterns in the network traffic. Suspect modifications made to the operating system are identified (3C). The malware detection results obtained in the sub-steps are classified (4A). IP addresses and an e-mail address are listed (4B).

USE – Method for detecting compromised resources of bankers, such as IP addresses and e-mail accounts.

ADVANTAGE – The method enables bankers to be detected automatically by matching patterns in the network traffic and monitoring the system files of a victim machine.

DESCRIPTION OF DRAWING(S) – The drawing shows a flow diagram illustrating a method for detecting compromised resources of bankers.

(1) Step for identifying samples of malware
(2) Step for performing dynamic analysis of the malware specimen to capture network traffic
(3) Step for detecting malware by a combination of techniques for detecting patterns in network traffic
(3C) Step for identifying suspect modifications made to the operating system
(4A) Step for classifying the malware detection results obtained in the sub-steps
(4B) Step for listing IP addresses and an e-mail address

Main Application Field

T01 (Digital Computers); W01 (Telephone and Data Transmission Systems)

INVENTORS:

GREGIO ANDRÉ RICARDO ABED
FERNANDES DARIO SIMÕES FILHO
GEUS PAULO LICIO DE
MARTINS VICTOR FURUSE
AFONSO VITOR MONTE

783_BANKING

Patent number: BR102013030941-A2

PATENT STATUS:

For information contact Inova Unicamp

FOR ADDITIONAL INFORMATION:

parcerias@inova.unicamp.br

+55 (19) 3521-5207 / 2607

This technology profile has been automatically generated.
