Predictive malware scanning of internet data

US 20040088570A1
Filed: 12/21/2001
Published: 05/06/2004
Est. Priority Date: 12/21/2001
Status: Active Grant

First Claim

Patent Images

1. A computer program product for controlling a computer to scan data accessible via an internet link for malware, said computer program product comprising:

(i) address identifying code operable to identify within currently held data at least one internet address associated with said currently held data;

(ii) retrieving code operable to retrieve via said internet link addressed data corresponding to said at least one internet address; and

(iii) scanning code operable to scan said addressed data for malware.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

E-mail messages or computer files are scanned to identify embedded internet addresses 18. These embedded internet addresses 18 refer to data that may be retrieved via the internet 4. This data is pre-emptively retrieved and scanned for malware even though it has not been requested by a user. If the data is found to be malware-free, then a record of this is kept. If a user subsequently seeks to access the data associated with that embedded internet address, then the stored data may be referred to and if the internet address is found and the data associated with that address is unchanged since it was previously scanned, then that data may be supplied to the user without the need to be rescanned.

151 Citations

27 Claims

1. A computer program product for controlling a computer to scan data accessible via an internet link for malware, said computer program product comprising:
- (i) address identifying code operable to identify within currently held data at least one internet address associated with said currently held data;
  
  (ii) retrieving code operable to retrieve via said internet link addressed data corresponding to said at least one internet address; and
  
  (iii) scanning code operable to scan said addressed data for malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A computer program product as claimed in claim 1, further comprising storing code operable to store result data identifying at least addressed data in which malware was not found.
  - 3. A computer program product as claimed in claim 1, wherein said address identifying code is operable to search within said currently held data for string data having a format matching a pointer to an internet address.
  - 4. A computer program product as claimed in claim 1, wherein said currently held data includes received e-mail messages.
  - 5. A computer program product as claimed in claim 1, wherein said scanning code is operable to seek to detect within said addressed data one or more of:
    - computer viruses;
      
      worms;
      
      Trojans;
      
      banned computer programs;
      
      banned words;
      
      or banned images.
  - 6. A computer program product as claimed in claim 1, wherein said computer is a firewall computer via which internet traffic is passed to a local computer network.
  - 7. A computer program product as claimed in claim 1, wherein said addressed data is cached when it has been retrieved.
  - 8. A computer program product as claimed in claim 1, wherein if malware is detected within said addressed data, then one or more malware found actions are triggered.
  - 9. A computer program product as claimed in claim 1, wherein said malware found actions including at least one of:
    - (i) preventing access to said currently held data;
      
      (ii) removing said at least one internet address from said currently held data;
      
      (iii) preventing access to said addressed data;
      
      (iv) removing said malware from said addressed data to generate clean addressed data and supplying said clean addressed data in place of said addressed data;
      
      (iv) blocking internet access by a computer detected to be seeking to access said at least one internet address.

10. A method of scanning data accessible via an internet link for malware, said method comprising the steps of:
- (i) identifying within currently held data at least one internet address associated with said currently held data;
  
  (ii) retrieving via said internet link addressed data corresponding to said at least one internet address; and
  
  (iii) scanning said addressed data for malware.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A method as claimed in claim 10, further comprising storing result data identifying at least addressed data in which malware was not found.
  - 12. A method as claimed in claim 10, wherein said step of identifying includes searching within said currently held data for string data having a format matching a pointer to an internet address.
  - 13. A method as claimed in claim 10, wherein said currently held data includes received e-mail messages.
  - 14. A method as claimed in claim 10, wherein said step of scanning seeks to detect within said addressed data one or more of:
    - computer viruses;
      
      worms;
      
      Trojans;
      
      banned computer programs;
      
      banned words;
      
      or banned images.
  - 15. A method as claimed in claim 10, wherein said method is performed by a firewall computer via which internet traffic is passed to a local computer network.
  - 16. A method as claimed in claim 10, wherein said addressed data is cached when it has been retrieved.
  - 17. A method as claimed in claim 10, wherein if malware is detected within said addressed data, then one or more malware found actions are triggered.
  - 18. A method as claimed in claim 10, wherein said malware found actions 03 including at least one of:
    - (i) preventing access to said currently held data;
      
      (ii) removing said at least one internet address from said currently held data;
      
      (iii) preventing access to said addressed data;
      
      (iv) removing said malware from said addressed data to generate clean addressed data and supplying said clean addressed data in place of said addressed data;
      
      (v) blocking internet access by a computer detected to be seeking to access said at least one internet address.

19. Apparatus for scanning data accessible via an internet link for malware, said apparatus comprising:
- (i) address identifying logic operable to identify within currently held data at least one internet address associated with said currently held data;
  
  (ii) retrieving logic operable to retrieve via said internet link addressed data corresponding to said at least one internet address; and
  
  (iii) scanning logic operable to scan said addressed data for malware.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. Apparatus as claimed in claim 19, further comprising storing logic operable to store result data identifying at least addressed data in which malware was not found.
  - 21. Apparatus as claimed in claim 19, wherein said address identifying logic is operable to search within said currently held data for string data having a format matching a pointer to an internet address.
  - 22. Apparatus as claimed in claim 19, wherein said currently held data includes received e-mail messages.
  - 23. Apparatus as claimed in claim 19, wherein said scanning logic is operable to seek to detect within said addressed data one or more of:
    - computer viruses;
      
      worms;
      
      Trojans;
      
      banned computer programs;
      
      banned words;
      
      or banned images.
  - 24. Apparatus as claimed in claim 19, wherein said computer is a firewall computer via which internet traffic is passed to a local computer network.
  - 25. Apparatus as claimed in claim 19, wherein said addressed data is cached when it has been retrieved.
  - 26. Apparatus as claimed in claim 19, wherein if malware is detected within said addressed data, then one or more malware found actions are triggered.
  - 27. Apparatus as claimed in claim 19, wherein said malware found actions including at least one of:
    - (i) preventing access to said currently held data;
      
      (ii) removing said at least one internet address from said currently held data;
      
      (iii) preventing access to said addressed data;
      
      (iv) removing said malware from said addressed data to generate clean addressed data and supplying said clean addressed data in place of said addressed data;
      
      (v) blocking internet access by a computer detected to be seeking to access said at least one internet address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Roberts, Guy William Welch, Baulk, Eamonn John, Cole, Andrew Lewis

Granted Patent

US 7,096,500 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/566 Dynamic detection, i.e. det...

H04L 63/1416 Event detection, e.g. attac...

Predictive malware scanning of internet data

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

151 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Predictive malware scanning of internet data

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

151 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links