Abstract: In one aspect, data characterizing healthcare information associated with a patient can be received. A health outcome evaluation can be determined for the patient based on the received healthcare information data. A risk prediction for the patient can be determined based on the determined health outcome evaluation. A treatment recommendation for the patient can be determined based on the determined risk prediction, and the treatment recommendation can be provided.

Abstract: In various example embodiments, a system and method for correction of user input are presented. In one embodiment, a method includes receiving a plurality of user strings, selecting one or more string pairs from the plurality of user strings based on a character operator difference between the first string and the second string being below a threshold number, filtering the one or more string pairs to generate a filtered set of strings pairs representing corrections, and correcting user input in a different session by replacing input that matches a first string in a filtered string pair with a second string in the filtered string pair.

Abstract: A computer security method including preventing access by a computer in a first computer network to a resource at a location within the first computer network responsive to the computer accessing a computer-readable document retrieved from a second computer network, wherein a reference to the resource is associated with the computer-readable document.

Abstract: In various example embodiments, a system and method for correction of user input are presented. In one embodiment, a method includes receiving a plurality of user strings, selecting one or more string pairs from the plurality of user strings based on a character operator difference between the first string and the second string being below a threshold number, filtering the one or more string pairs to generate a filtered set of strings pairs representing corrections, and correcting user input in a different session by replacing input that matches a first string in a filtered string pair with a second string in the filtered string pair.

Abstract: Systems and methods for receiving a first string from a user in a user session, tracking a first response to the first string from the user in the user session, receiving, after receiving the first string, a second string from the user in the user session, the second string having a character operator difference that is below a threshold number from the first string, tracking a second response to the second string from the user in the user session, associating the first string with the second string in response to the second response comprising a higher number of responses as compared with the first response, removing the association between the first string with the second string in response to the second string being a correction of the first string, and correcting, using the association, user input by replacing a portion of the user input that matches the first string with the second string.

Abstract: A process for finding potentially harmful malware dropper on an infected computer system includes the steps of a) identifying an executable file that is about to run, and b) providing a storage agent that stores a copy of said executable file for a later inspection.

Abstract: A computer security method including preventing access by a computer in a first computer network to a resource at a location within the first computer network responsive to the computer accessing a computer-readable document retrieved from a second computer network, wherein a reference to the resource is associated with the computer-readable document.

Abstract: A computer security method including detecting access, by a computer in a first computer network, to a computer-readable document, determining whether the computer-readable document was retrieved from a second computer network, identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network, and preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.

Abstract: Systems and methods for receiving a first string from a user in a user session, tracking a first response to the first string from the user in the user session, receiving, after receiving the first string, a second string from the user in the user session, the second string having a character operator difference that is below a threshold number from the first string, tracking a second response to the second string from the user in the user session, associating the first string with the second string in response to the second response comprising a higher number of responses as compared with the first response, removing the association between the first string with the second string in response to the second string being a correction of the first string, and correcting, using the association, user input by replacing a portion of the user input that matches the first string with the second string.

Abstract: Detecting heap spraying on a computer by determining that values of characteristics of a plurality of requests to allocate portions of heap memory are consistent with benchmark values of the characteristics, wherein the benchmark values of the characteristics are associated with heap spraying; and performing a computer-security-related remediation action responsive to determining that the values of the characteristics are consistent with the benchmark values of the characteristics.

Abstract: In various example embodiments, a system and method for correction of user input are presented. In one embodiment, a method includes receiving a plurality of user strings, selecting one or more string pairs from the plurality of user strings based on a character operator difference between the first string and the second string being below a threshold number, filtering the one or more string pairs to generate a filtered set of strings pairs representing corrections, and correcting user input in a different session by replacing input that matches a first string in a filtered string pair with a second string in the filtered string pair.

Abstract: Detecting malware-related activity on a computer by detecting activity associated with the creation of a data object, where the activity is performed by a process, where the process is an instance of a computer software application that resides in a computer memory and that is executed by a computer, and where the data object is configured to persist after termination of the process, determining a string that identifies the data object, searching for a portion of the string that identifies the data object within any areas of the computer memory storing static portions of the computer software application, and performing a computer-security-related remediation action responsive to determining that the portion of the string that identifies the data object is absent from the searched areas of the computer memory.

Abstract: Detecting malware-related activity on a computer by detecting activity associated with the creation of a data object, where the activity is performed by a process, where the process is an instance of a computer software application that resides in a computer memory and that is executed by a computer, and where the data object is configured to persist after termination of the process, determining a string that identifies the data object, searching for a portion of the string that identifies the data object within any areas of the computer memory storing static portions of the computer software application, and performing a computer-security-related remediation action responsive to determining that the portion of the string that identifies the data object is absent from the searched areas of the computer memory.

Abstract: Dynamic verification of a computer software application execution path by detecting execution of a target instruction of a computer software application, wherein the computer software application is configured to generate a token at an instruction near a waypoint instruction of the computer software application, and wherein the waypoint instruction lies along an execution path that leads to the target instruction. Determining, responsive to detecting execution of the target instruction, whether a token exists. Performing a computer-security-related remediation action responsive to determining that the token does not exist.

Abstract: A computer security method including detecting access, by a computer in a first computer network, to a computer-readable document, determining whether the computer-readable document was retrieved from a second computer network, identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network, and preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.

Abstract: System and method for determining, by a security application, whether an examined software code is a malware, according to which the system detects whenever the examined process code performs system calls and further detects a call site. Pieces of code in the surrounding area of the site and/or in branches related to the site are analyzed and the properties of the analyzed pieces of code are compared with a predefined software code patterns, for determining whether the examined process code corresponds to one of the predefined software code patterns. Then the examined process code is classified according to the comparison results.

Abstract: In various example embodiments, a system and method for correction of user input are presented. In one embodiment, a method includes receiving a plurality of user strings, selecting one or more string pairs from the plurality of user strings based on a character operator difference between the first string and the second string being below a threshold number, filtering the one or more string pairs to generate a filtered set of strings pairs representing corrections, and correcting user input in a different session by replacing input that matches a first string in a filtered string pair with a second string in the filtered string pair.

Abstract: A method for detecting malware in a user terminal device that has been infected by malware via a browser running on the user terminal device, according to which upon detecting a predetermined a triggering event on the user terminal, a security application installed on the terminal automatically activates a transparent browser to navigate to one or more predetermined URLs. Then the security application checks the code of an inspected webpage that has been received immediately after it is opened by the transparent browser and rechecks the code after being at least partially processed by the transparent browser. If a change the code is detected, an alert is issued, indicating that the terminal has been infected by malware.

Abstract: Detecting heap spraying on a computer by determining that values of characteristics of a plurality of requests to allocate portions of heap memory are consistent with benchmark values of the characteristics, wherein the benchmark values of the characteristics are associated with heap spraying; and performing a computer-security-related remediation action responsive to determining that the values of the characteristics are consistent with the benchmark values of the characteristics.

Abstract: Detecting the operation of a virtual machine by identifying seed candidates from sets of random numbers generated at a computer, where each of the sets includes multiple random numbers, identifying candidate performance counter frequencies from the seed candidates and from timing information associated with the sets of random numbers, and determining that the computer is operating as a virtual machine if any of the candidate performance counter frequencies is consistent with a predefined virtual machine performance counter frequency.