Virus detection by executing electronic message code in a virtual machine
Abstract
Virus detection by executing electronic message code in a virtual machine is disclosed. An example method includes detecting that an electronic message includes executable code, the electronic message designating a destination recipient. Two or more destination computing systems are identified for the electronic message corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system. Two or more simulation environments corresponding to the two or more destination computing systems are identified. The executable code is executed in the two or more simulation environments. The two or more simulation environments are monitored for a malicious action. The electronic message is delivered to the destination recipient if the action is detected.
16 Claims
1. A method for analyzing executable code associated with electronic messages, the method comprising:
- detecting that an electronic message includes executable code, the electronic message designating a destination recipient;
- identifying, for the electronic message, by executing an instruction with a processor, two or more destination computing systems corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system;
- identifying two or more different simulation environments respectively corresponding to the two or more destination computing systems;
- executing the executable code in the two or more simulation environments;
- monitoring, by executing an instruction with the processor, for a malicious action in response to execution of the executable code in the two or more simulation environments; and
- delivering the electronic message to the destination recipient if the malicious action is not detected.
10. A tangible machine readable hardware storage disk or storage device comprising instructions which, when executed, cause a machine to at least:
- detect that an electronic message includes executable code, the electronic message designating a destination recipient;
- identify, for the electronic message, two or more destination computing systems corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system;
- identify two or more different simulation environments corresponding respectively to the two or more destination computing systems;
- execute the executable code in the two or more simulation environments;
- monitor for a malicious action in response to execution of the executable code in the two or more simulation environments; and
- deliver the electronic message to the destination recipient if the malicious action is not detected.
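The delivery gate recited in claims 1 and 10, sketched as an added Python illustration that is not part of the patent text or any vendor's implementation. The inventory tables, extension list, action names and the `run_in_sandbox` callback are assumptions made for the example; a real gateway would back the callback with actual virtual machines.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical inventory (not from the patent): recipient -> systems -> sandbox profile.
RECIPIENT_SYSTEMS = {"alice@example.test": ["win10-desktop", "android-phone"]}
SANDBOX_FOR_SYSTEM = {"win10-desktop": "vm-win10", "android-phone": "emu-android"}
EXECUTABLE_EXTS = (".exe", ".js", ".vbs", ".apk", ".sh")
MALICIOUS_ACTIONS = {"mass_mail_self", "delete_user_files", "modify_boot_sector"}

def executable_parts(msg):
    """Payload bytes of every MIME part whose filename marks it as executable code."""
    return [part.get_payload(decode=True) or b""
            for part in msg.walk()
            if (part.get_filename() or "").lower().endswith(EXECUTABLE_EXTS)]

def gate(msg, run_in_sandbox):
    """Return (verdict, findings) before the message reaches any destination system.
    run_in_sandbox(profile, code) must return the action names observed in that sandbox."""
    code_parts = executable_parts(msg)
    if not code_parts:
        return "deliver", []
    recipient = parseaddr(str(msg.get("To", "")))[1]
    systems = RECIPIENT_SYSTEMS.get(recipient, [])
    findings = [] if systems else [(recipient, "no-destination-systems")]
    for system in systems:
        profile = SANDBOX_FOR_SYSTEM.get(system)
        if profile is None:  # fail closed: an untested system is not a clean system
            findings.append((system, "no-simulation-environment"))
            continue
        for code in code_parts:
            observed = set(run_in_sandbox(profile, code))
            findings += [(system, a) for a in sorted(observed & MALICIOUS_ACTIONS)]
    return ("quarantine" if findings else "deliver"), findings

def sample_message(to="alice@example.test", filename="invoice.js"):
    """Constructed test message with one attachment (bytes are inert placeholders)."""
    m = EmailMessage()
    m["To"] = to
    m.set_content("see attachment")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

def canned_sandbox(profile, code):
    """Stand-in for a real VM run: constructed traces, harmful only on one platform."""
    return {"vm-win10": ["read_registry"],
            "emu-android": ["read_contacts", "mass_mail_self"]}[profile]

if __name__ == "__main__":
    print(gate(sample_message(), canned_sandbox))
```

The constructed traces are benign in one environment and malicious in the other, which is the case the per-destination simulation in the claims is meant to catch: a single generic sandbox would have released the message.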
Specification