Abstract: The present invention relates to the security of general purpose computing devices, such as laptop or desktop PCs, and more specifically to the detection of malicious software (malware) on a general purpose computing device. A challenge in maintaining a plurality of computing systems is that it may be required to have visibility into the extensive collection of computing related resources located across those systems as well as information about resources together with their behaviors and evolutions within those systems. Examples of such resources include files, file names, registry keys, entries in network communications logs, etc. Accordingly, we present novel methods, components, and systems for keeping track of information about these resources and presenting this information to an ultimate end user.

Abstract: A method and apparatus for monitoring communications from a communications device comprising monitoring communications from a communications device by storing a data acquisition address in a contact list of the communications device that identifies a location of a monitoring device. Further, when malicious software uses the contact list to send messages, a message is sent using the malicious software to the monitoring device using the data acquisition address.

Abstract: An security module includes a detection module for determining that an electronic message received for scanning includes a protected component. The security module also includes a parsing module for parsing the electronic message to identify potential passwords for the protected component. The security module further includes an analysis module for attempting to access the protected component of the electronic message using the identified potential passwords. A submission module submits potential passwords to a decomposition module for accessing the protected component. If the correct password is found, the decomposition module opens the protected component and/or extracts the contents of the archive. An analyzer module analyzes or scans the contents of the protected component.

Abstract: A technique is disclosed for capturing a security breach. In one embodiment, the technique comprises initially deploying a honey pot; detecting a breach of the honey pot; and automatically redeploying the honey pot.

Abstract: Data streams are scanned to detect malicious jump-call-pop shellcode constructs used in attacks against stack-based buffer overflow vulnerabilities on software executing in the IA32 architecture prior to execution. Upon a detection of a malicious jump-call-pop shellcode construct, protective action is taken, such as preventing the malicious shellcode from executing.

Abstract: Security events based on network message traffic and other network security information are analyzed to identify validated security threats occurring on one or more networks. Alerts are prepared based on the results of the security analysis.