Abstract: A method of identifying sections of code that can be disregarded when detecting features that are characteristic of malware, which features are subsequently used for detecting malware. The method includes, for each of a multiplicity of sample files, subdividing file code of the sample file into a plurality of code blocks and then removing duplicate code blocks to leave a sequence of unique code blocks. The sequence of unique code blocks is then compared with those obtained for other sample files in order to identify standard sections of code. The standard sections of code identified are then included within a database such that those sections of code can subsequently be disregarded when identifying features characteristic of malware.

Abstract: Method(s) and apparatus are described for use in preventing unauthorized redirection and/or routing of packets transmitted in a communication network. Packets generated by one or more devices in the communications network are intercepted by an apparatus. The intercepted packets are inspected and it is detected whether at least one of the intercepted packets is associated with redirection based on an unauthorized destination. For each intercepted packet, packet and protocol inspection may be used to determine the originally intended destination of the packet and to determine any other destination(s) associated with redirection of the packet. For each intercepted packet, if the any other destination(s) are not associated with one or more authorized destinations corresponding to the originally intended destination, then the intercepted packet is associated with redirection to an unauthorized destination.

Abstract: A method and apparatus for managing communications in a communication network. A telephony device determines that a software application is attempting to contact an E.164 number. It then determines that the E.164 number matches at least one predetermined criterion, such as the E.164 number being a premium rate number or having a different country code to that of the device. The device then sends a query to a reputation server. The query includes information identifying the software application. The device receives a response from the reputation server, the response including a reputation relating to the software application. On the basis of the received reputation relating to the software application, the device can take further action such as preventing contact from being established.

Abstract: This document discloses a solution for automatically detecting malicious content by computer security routine executed in a processing device. A user input to a social media application is detected by the computer security routine. The user input indicates that a user wants to share content with at least one other user through the social media application. In response, the computer security routine suspends said sharing and performs, before determining whether or not to allow the sharing, a security check for suspiciousness of contents the user intends to share.

Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising: at least one processor; and at least one memory including executable instructions. The at least one memory and the executable instructions are configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: during the loading of an operating system, loading a boot time driver installed by an anti-virus application; reading a master boot record data by the boot time driver as soon as the operating system is ready to handle the request for reading the master boot record data; analyzing the collected master boot record data to identify any malicious entities; and in the event that malicious entities are identified, controlling the behavior of the processing system in order to disable the malicious entity.

Abstract: A method in a computer for detecting a file encryption attack. The computer detects an attempt to overwrite current file data of a file with new file data. The computer then compares the new file data to the current file data to obtain a measure of the difference between the current and the new file data, and if the difference exceeds a threshold, the computer considers this to identify a file encryption attack.

Abstract: Methods are detailed for online fraud prevention. In one approach state information of a first and a second device is monitored, both of which are associated with one user. During a multi-factor authentication procedure which utilizes at least one of the first and the second devices for authorizing a transaction by an Internet domain, a security server participates in a supplemental security procedure which is conditional on the monitored state information. In another approach the second device receives a message that is ostensibly related to multi-factor authorization by an Internet domain, and in response sends a query about state information of the first device. Based on the response to the query that indicates the state information, the second device performs a supplemental security procedure.

Abstract: A method for securely storing password information in a memory of a computer device. The stored password information is protected by a master password. The method includes receiving a text string corresponding to password information. The method also includes converting the text string to a media file. When the media file is passed to an output the password information is presented to a user. The method also includes storing the media file in the memory such that it is protected by the master password.

Abstract: According to an aspect of the invention, there is provided a method of protecting a user from a compromised web resource. The method may include monitoring a user's requests for trusted web resources to determine one or more web resources to be checked. The method may include querying a network database based on the determined one or more web resources to obtain historical data relating to whether any of the one or more web resources has been compromised at any time during a preceding time period. The method may include providing a predetermined response to protect the user if any of the one or more web resources has been compromised.

Abstract: A method of controlling access to web content at a client computer. The method includes registering an access control status at the client computer, and detecting an attempt to access a website having an access control mechanism. In response to such detection, the access attempt is suspended and said access control status registered at the client computer compared with an access control status currently registered at the website. If these do not correspond, then the access control status registered at the website is changed to correspond with that registered at the client computer.

Abstract: An example embodiment of the present invention provides an apparatus including at least one processor; and at least one memory including executable instructions, the at least one memory and the executable instructions being configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: retrieving, from a reputation server, reputation data of uniform resource locators (URL) of one or more web sites relating to one or more web site features that are available via the web site; and determining executable web site features on the basis of the retrieved reputation data.

Abstract: A method, apparatus, and computer program for monitoring security of a mobile apparatus are disclosed. The method includes executing a security application in a mobile apparatus; monitoring, by the security application, user interface locking status of the mobile apparatus; determining, as a result of said monitoring, that the user interface has been locked; identifying an application that has caused said locking of the user interface; checking a reputation status of the identified application; upon detecting, as a result of said reputation status check, that the identified application has a bad reputation status, restricting operation of the identified application and unlocking the user interface.

Abstract: In accordance with an example embodiment of the present invention, there is provided a method comprising: maintaining a local database of trusted uniform resource locators (URL) where an URL is qualified to said database based on fulfilling predetermined criteria; detecting a request to access a uniform resource locator (URL); obtaining reputation data for the URL from a reputation server or from a local reputation scanner; comparing the obtained reputation data of the requested URL with the reputation data of the requested URL that is stored in the local database of trusted URLs if any; if there is a conflict between the reputation data obtained and the reputation data stored in the local database of trusted URLs, using the reputation data stored in the local database of trusted URLs to determine whether access to the URL is allowed.

Abstract: A method of updating an anti-virus application including an updatable module running on a client terminal. The method includes receiving an update at the client terminal, initializing the updatable module within a sandbox environment and applying the update to the updatable module. Control tests are then run on the updated sandboxed module and if the control tests are passed, the updated module is brought out of the sandbox environment and normal scanning is allowed to proceed using the updated module. If the control tests are not passed, however, normal scanning using the updated module is prevented.

Abstract: A method of inhibiting the spread of malware across a network of interconnected computer terminals. The method includes detecting malware or suspicious behavior at a first computer terminal and inspecting the first computer terminal, before and/or after said step of detecting malware or suspicious behavior, to identify contacts forming part of a social network. Identities of the identified contacts are sent to a backend security system, and at the backend security system, said identities are received and instructions sent to one or more second computer terminals associated with respective identities to cause those second computer terminals to implement an increased level of security.

Abstract: First data relating to a selected file is obtained. Based upon the first data it is determined if malware detection processing can be selected. Malware detection processing of the file is selected based upon said first data if it is determined that malware detection processing can be selected based upon the first data. If it is determined that, based upon the first data, malware detection processing cannot be selected based upon the first data, second data relating to the selected file is obtained and malware detection processing of the file is selected based upon said first and second obtained data. The selected malware detection processing is applied to said selected file. In an exemplary embodiment the first data is metadata and represents a faster scan of the file, and the second data is content of the file's header and represents a more in-depth scan of the file.

Abstract: A method of capturing photographs or videos and associated metadata. The method includes capturing a photograph or video using a mobile camera device at a shooting location and encompassing a shooting area, identifying a shooting area using positional and orientational detectors of the mobile camera device and known camera properties and recording a definition of the shooting area, and sending the captured photograph or video to a server system. Either at the mobile camera device or at the server system, the presence of peer mobile devices within the shooting area is identified using positional information reported by those peer mobile devices, and the captured photograph or video is tagged with identities associated with those peer mobile devices.

Abstract: A method and apparatus for providing information to a security application at a client device. A server receives a request from the client device for information of an object at the client device. The request includes the signature information required by the server to identify the object. The server queries a database to determine the required information of the object and to determine information of at least one further object, and a response is sent to the client device. The response includes the information relating to the object, an identity of the at least one further object, and the information relating to the at least one further object.

Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, including at least one processor; and at least one memory including computer program code the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: detecting a listing of web content elements provided by a web search engine, the web content elements relating to web pages retrieved by the web search engine; analyzing one or more web content elements of the detected listing; and categorizing the content of one or more web pages on the basis of the analysis.

Abstract: In accordance with an example embodiment of the present invention, there is provided a computing device, including at least one processor; and at least one memory including computer program code the at least one memory and the computer program code configured to, with the at least one processor, cause the device to perform at least the following: receive near field communication device data related to a specific NFC device; generate a reputation query on the basis of the received NFC device data; send the generated reputation query to a service provider; receive reputation data, retrieved from a reputation database of NFC device reputation information, related to the specific NFC device from the service provider; and take further action on the basis of the received reputation relating to the specific NFC device.