Abstract: An endpoint on a network uses detection data to detect a malicious software attack. The endpoint identifies content associated with the attack, such as a component of a web page, and generates a description of the content. The endpoint sends the description to a security server. The security server analyzes the content and identifies characteristics of the content that are present when the content is carried by network traffic. The security server generates a traffic signature that specifies the identified characteristics and provides the traffic signature to inspection points. The inspection points, in turn, use the traffic signature to examine network traffic passing through the inspection points to detect network traffic carrying the content. The attack detection at the endpoint thus informs the traffic signature-based detection at the inspection points and reduces the spread of malicious software.

Abstract: A computer-implemented method for automatically detecting and preventing phishing attacks may include (1) maintaining a credentials store for a user of the computing device that identifies both at least one known-legitimate website and credentials associated with the known-legitimate website, (2) detecting an attempt by the user to enter the same credentials that are associated with the known-legitimate website into a new website that is not associated with the credentials in the credentials store, and then, prior to allowing the credentials to pass to the new website, (3) automatically warning the user that the new website potentially represents an attempt to phish the credentials associated with the known-legitimate website from the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Malware with fake or misleading anti-malware user interfaces (UIs) are detected. Processes running on a computer system are monitored and their window creation events are detected. The structures of the created windows are retrieved to detect presence of UI features that are commonly presented in known fake or misleading anti-malware UIs (“fakeAVUIs”). If a window includes a UI feature commonly presented in known fakeAVUIs, that window is determined suspicious and additional tests are applied to determine the validity of information in the window. If the information in the window is determined invalid, then the process that created the window is determined to be malware and a remediating action is applied to the process.

Abstract: An exhaust system for an internal combustion engine including an elongated tube for receiving exhaust gas and exhaust flow modification structure within the tube interior configured to cooperate with the elongated tube to produce a laminar flow of exhaust gas and modify the flow speed of the exhaust gas due to the venturi effect.

Abstract: An exhaust system for an internal combustion engine including an elongated tube for receiving exhaust gas and exhaust flow modification structure within the tube interior configured to cooperate with the elongated tube to produce a laminar flow of exhaust gas and modify the flow speed of the exhaust gas due to the venturi effect. The exhaust system includes two spaced structural components which form restricted a annular flow path to enhance the venturi effect.

Abstract: A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for locating malware may include identifying a malicious behavior in a computing system. The computer-implemented method may also include determining that the malicious behavior arises from a set of interrelated executable objects. The computer-implemented method may further include identifying an executable object recently added to the set of interrelated executable objects. The computer-implemented method may additionally include attributing the malicious behavior to the recently added executable object based on when the recently added executable object was added to the set of interrelated executable objects. The computer-implemented method may also include performing a security action on the recently added executable object. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method may include establishing, within a parental-control software system, an academic-performance policy that defines how academic performance of a student affects at least one parental-control setting enforced on a computing system accessible to the student. The computer-implemented method may also include receiving, via an electronic communication from a school of the student, grade information that indicates the student's academic performance. The computer-implemented method may further include applying the academic-performance policy by updating the parental-control setting commensurate with the student's academic performance. In addition, the computer-implemented method may include detecting an attempt by the student to access a resource of the computing system and applying the updated parental-control setting to control the student's access to the resource of the computing system.

Abstract: A computer-implemented method for using reputation data to detect packed malware may include: 1) identifying a file downloaded from a portal, 2) determining that the file has been packed, 3) obtaining community-based reputation data for the file, 4) determining, by analyzing the reputation data, that instances of the file have been encountered infrequently (or have never been encountered) within the community, and then 5) performing a security operation on the file (by, for example, quarantining or deleting the file).

Abstract: A method for managing file access history information is described. An application opening a file is identified. Access rights used to open the file are determined. A time parameter associated with the opening of the file is recorded. An access frequency parameter for the file over a predetermined period of time is calculated. File access history information associated with the file is stored.

Abstract: A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest may comprise: 1) detecting an event of interest, 2) identifying at least one file associated with the event of interest, 3) accessing contextual metadata associated with the event of interest, 4) accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file, and then 5) determining, by applying the rule, whether to perform the security scan on the file. Corresponding systems and computer-readable media are also disclosed.

Abstract: A method for maintaining file-type information for a file is described. Data in a first position of a file is analyzed. A file-type for the file is determined based on the analyzed data in the first position. The file is monitored for input/output operations. The file-type of the file is updated if input/output operations occur within the first position of the file.

Abstract: Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.

Abstract: A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest may comprise: 1) detecting an event of interest, 2) identifying at least one file associated with the event of interest, 3) accessing contextual metadata associated with the event of interest, 4) accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file, and then 5) determining, by applying the rule, whether to perform the security scan on the file. Corresponding systems and computer-readable media are also disclosed.

Abstract: A plunger lubricator housing includes an elongated tubular body formed from a single piece of material. The body has a first end, a second end, an outer surface and an inner surface that defines a plunger receiving interior bore. Radial ports provide fluid communication between the interior bore and the outer surface. Each of the radial ports has a coupling that is recessed into the body.

Abstract: The invention provides a device for threading an end of a guidewire into a catheter, the catheter having a tip connected to an inner lumen of the catheter, the inner lumen dimensioned to receive the guidewire therethrough. The device comprises: a guidewire receiving port; a catheter tip receiving port; a channel connecting the guidewire receiving port to the catheter tip receiving port. The channel is dimensioned to pass the outer thickness of the guidewire therethrough and the channel is dimensioned to block passage of the outer thickness of the catheter therethrough. A contiguous section of the guidewire receiving port, the catheter tip receiving port and the channel form an open passageway from which the guidewire and catheter, once the guidewire is threaded into the catheter, are disengaged from the device. The open passageway may be covered by a flap mounted to the device which releasably cover,s the contiguous open section of the guidewire receiving port, the catheter tip receiving port and the channel.

Abstract: A system for improving the performance of a motor vehicle internal combustion engine includes a controller positioned between an O2 sensor. The controller alters the O2 sensor signals and adjusts supplemental sensor signals received from supplemental sensors and sends the altered O2 signals and the adjusted supplemental sensor signals to a programmed electronic control unit which controls operation of fuel injectors.

Abstract: A device for obtaining electric power from moving water, made up of a floating cylindrical body having a first end extending to a second end along a cylindrical surface having at least two blades. Each end of the floating cylindrical body is fixedly connected to a waterwheel sprocket, and rotatably connected to an arm pivotally connected to an anchor. The waterwheel sprockets are connected to a generator sprocket by a drive means. When the new device is placed and held in a body of moving water, the moving water impacts against the blades and causes the floating cylindrical body to rotate. The rotation of the floating cylindrical body causes the first and second waterwheel sprockets to rotate and move the drive means which are connected to a generator and in turn create electricity.

Abstract: A routing system comprising one or more maps; route defining means instantiable to respond to driver interaction with a map to define a proposed pooling route and to store said pooling route; request defining means instantiable to respond to passenger interaction to define a request for a pooling route; search means instantiable to search stored pooling routes for one or more pooling routes suitable for said request; and addition means responsive to passenger selection of a suitable pooling route to include a passenger on said route.

Abstract: A disposable disruptor device including a stator and a rotor. The rotor is disposed for rotation in the stator and has blades at one end thereof. A reverse-threaded helical ridge between the stator and the rotor pumps fluid down the stator and prevents fluid from being drawn up inside the stator tube.