JOSEPH C. CHEN, MD
Medical Practice at Sunset Blvd, Los Angeles, CA

8561195, Oct 15, 2013

Jan 9, 2012

13/346706

Joseph Chen - Los Angeles CA, US
Jing Rui - Chengdu, CN

Symantec Corporation - Mountain View CA

G06F 21/24

726 24, 726 22, 726 23

Malware is identified based on its use of a folder shortcut. Files are analyzed, in order to indentify files used to implement folder shortcuts. This can take the form of monitoring the creation of new files, or searching for existing files used to implement folder shortcuts. In response to detecting such a file, it can be determined that a folder shortcut exists. The contents of the file can also be analyzed, and the determination can be made in response to finding specific content indicative of a folder shortcut. The file analysis can also involve monitoring edits made to existing files indicative of folder shortcuts. In response to detecting such edits, the content being written can be analyzed, and in response to specific content being written, it can be determined that a folder shortcut exists.

8099784, Jan 17, 2012

Feb 13, 2009

12/371501

Joseph Chen - Los Angeles CA, US
Jamie Jooyoung Park - Los Angeles CA, US

Symantec Corporation - Mountain View CA

G06F 11/00

726 23

To evade heuristic detection, malware is often designed to trick users into installing the malware by being packaged in a standard installer known to the user's computer for typically installing legitimate software. To prevent removal of the malware, the malware modifies or removes its uninstaller. A security module manages this type of evasion technique by monitoring and detecting installations performed on a computer. The module detects attempts to remove or modify the uninstaller for the application to render the uninstaller incapable of uninstalling the application. The module can intercept and block such attempts, and then analyze the application for malicious code. Where the application is determined to be malware, the module prevents malicious activity. The module can also use the malware's own uninstaller to uninstall the malware from the computer.

8302194, Oct 30, 2012

Oct 26, 2009

12/606163

Robert Conrad - Culver City CA, US
Joseph Chen - Los Angeles CA, US

Symantec Corporation - Mountain View CA

G06F 12/14, G06F 7/04, G06F 11/30, G06F 15/173, G06F 15/16, H04L 29/06, H04L 9/32

726 24, 726 25, 726 26, 713151, 713165, 713168, 713187, 713188, 709224, 709225, 709232

The prevalence rate of a file to be subject to behavior based heuristics analysis is determined, and the aggressiveness level to use in the analysis is adjusted, responsive to the prevalence rate. The aggressiveness is set to higher levels for lower prevalence files and to lower levels for higher prevalence files. Behavior based heuristics analysis is applied to the file, using the set aggressiveness level. In addition to setting the aggressiveness level, the heuristic analysis can also comprise dynamically weighing lower prevalence files as being more likely to be malicious and higher prevalence files as being less likely. Based on the applied behavior based heuristics analysis, it is determined whether or not the file comprises malware. If it is determined that the file comprises malware, appropriate steps can be taken, such as blocking, deleting, quarantining and/or disinfecting the file.

8544090, Sep 24, 2013

Jan 21, 2011

13/011077

Joseph Huaning Chen - Los Angeles CA, US

Symantec Corporation - Mountain View CA

G06F 11/00, G06F 11/30, H04L 29/06

726 22, 726 23, 726 24, 713154, 713188

A computer-implemented method to detect a potentially malicious uniform resource locator (URL) is described. A presentation of a URL on a display of a computing device is detected. An actual URL associated with the URL presented on the display is obtained. The URL presented on the display is compared to the actual URL associated with the presented URL. If the URL presented on the display does not match the actual URL, the actual URL is prevented from being accessed.

8135617, Mar 13, 2012

Oct 18, 2007

11/975362

Michael N. Agostino - Glendale CA, US
Jason P. Fields - Los Angeles CA, US
Joseph Chen - Los Angeles CA, US
Yovav Meydad - Los Angeles CA, US
Jason Levine - Los Angeles CA, US
Michael Radford - Sierra Madre CA, US
David E. Benson - Pasadena CA, US
Christopher Starace - Pasadena CA, US
Eric J. Kim - Sherman Oaks CA, US

Snap Technologies, Inc. - Pasadena CA

G06Q 30/00

705 144, 705 11

The invention in some embodiments features a contextual content delivery system (CCDS) for enhancing conventional web content with pop-up bubbles that display information when a cursor hovers over a word, link, or icon. The CCDS is configured to identify words or links in a document, determine their context, select the appropriate bubble from a plural of bubble types for each of the words or links, select content for each bubble based, in part, on the context in which the words and hyperlinks are used. The context can be determined from various sources including the resource in which the word or link appears and the target resource to which the link points. Thereafter, the CCDS enhances the words or links so that bubbles are automatically invoked in response to the appropriate trigger.

8355949, Jan 15, 2013

Mar 12, 2012

13/418280

Michael N. Agostino - Glendale CA, US
Jason P. Fields - Los Angeles CA, US
Joseph Chen - Los Angeles CA, US
Yovav Meydad - Los Angeles CA, US
Jason Levine - Los Angeles CA, US
Michael Radford - Sierra Madre CA, US
David E. Benson - Pasadena CA, US
Christopher Starace - Pasadena CA, US
Eric J. Kim - Sherman Oaks CA, US

Ubermedia, Inc. - Pasadena CA

G06Q 30/00

705 144, 705 11

The invention in some embodiments features a contextual content delivery system (CCDS) for enhancing conventional web content with pop-up bubbles that display information when a cursor hovers over a word, link, or icon. The CCDS is configured to identify words or links in a document, determine their context, select the appropriate bubble from a plural of bubble types for each of the words or links, select content for each bubble based, in part, on the context in which the words and hyperlinks are used. The context can be determined from various sources including the resource in which the word or link appears and the target resource to which the link points. Thereafter, the CCDS enhances the words or links so that bubbles are automatically invoked in response to the appropriate trigger.

8528090, Sep 3, 2013

Jul 2, 2010

12/830286

Joseph Chen - Los Angeles CA, US
Jamie Jooyoung Park - Los Angeles CA, US

Symantec Corporation - Mountain View CA

G06F 21/00

726 24

A computer-implemented method for creating customized confidence bands for use in malware detection may include 1) identifying a portal for receiving executable content, 2) identifying metadata relating to the portal, 3) analyzing the metadata to determine what risk executable content received via the portal poses, and then 4) creating, based on the analysis, a confidence band to apply during at least one disposition of executable content received via the portal. Various other methods, systems, and computer-readable media are also disclosed.

8321935, Nov 27, 2012

Feb 26, 2009

12/393957

Joseph H. Chen - Los Angeles CA, US
Christopher Peterson - Culver City CA, US
Robert Conrad - Culver City CA, US

Symantec Corporation - Mountain View CA

G06F 11/00, G06F 12/14, G06F 12/16, G08B 23/00

726 22, 726 23

A malware analysis component receives information concerning malware infections on a large plurality of client computers, as detected by an anti-malware product or submitted directly by users. The malware analysis component analyzes this wide array of information, and identifies suspicious malware detection and submission activity associated with specific sources. Where identified suspicious patterns of malware detection and submission activity associated with a specific source meet a given threshold over time, the malware analysis component determines that the source is an originator of malware.

8490195, Jul 16, 2013

Dec 19, 2008

12/340125

Joseph H. Chen - Los Angeles CA, US
Jamie J. Park - Los Angeles CA, US

Symantec Corporation - Mountain View CA

G06F 12/14

726 24, 726 3, 726 12, 726 22, 726 27, 713194, 705 51

Method and apparatus for behavioral detection of malware in a computer system are described. In some embodiments, a request by a process executing on a computer to change time of a clock managed by the computer is detected. The process is identified as a potential threat. At least one attribute associated with the process is analyzed to determine a threat level. The request to change the time of the clock is blocked and the process is designated as a true positive threat if the threat level satisfies a threshold level.