Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using automated IM users

US 20070006028A1
Filed: 07/01/2005
Published: 01/04/2007
Est. Priority Date: 07/01/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-assisted method of reducing the spread of malware in communication between instant message (IM) clients and an IM server, comprising:

registering one or more virtual IM users with the IM server, wherein each virtual IM user includes an account name by which one or more users of the IM server are able to communicate with the virtual IM user associated with the account name;

causing the account names of the virtual IM users to be illicitly acquired by a source of malware by publicizing the account names of the virtual IM users; and

identifying, the source of malware, when the source of malware sends a message to any one of the virtual IM users.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. A malware trapping system (MTS) creates and registers a set of virtual IM users with an IM server. The virtual IM users include account names by which other users of the IM server can communicate with the virtual IM users. The MTS publicizes the account names of the virtual IM users, which causes sources of malware to illicitly acquire the account names of the virtual IM users. The MTS identifies any IM user sending a message to one of the virtual users as a source of malware. The MTS also identifies such a message as a malware message and collects information about the sources of malware and malware messages and stores the information in a database. An IM filter module, accessing the information stored in the database, identifies and blocks malware messages based on the information.

46 Citations

View as Search Results

33 Claims

1. A computer-assisted method of reducing the spread of malware in communication between instant message (IM) clients and an IM server, comprising:
- registering one or more virtual IM users with the IM server, wherein each virtual IM user includes an account name by which one or more users of the IM server are able to communicate with the virtual IM user associated with the account name;
  
  causing the account names of the virtual IM users to be illicitly acquired by a source of malware by publicizing the account names of the virtual IM users; and
  
  identifying, the source of malware, when the source of malware sends a message to any one of the virtual IM users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the act of publicizing the account names includes:
    - logging-on to the IM server; and
      
      making the presence of one or more of the virtual IM users known to the users of the IM server.
  - 3. The method of claim 1, wherein the act of publicizing the account names includes:
    - connecting to a chat room; and
      
      making the presence of one or more of the virtual IM users known to other members of the chat room.
  - 4. The method of claim 3, wherein the act of publicizing the account names includes:
    - participating in a dialog with the other members of the chat room by automatically responding to an input message.
  - 5. The method of claim 4, wherein the act of automatically responding includes:
    - generating a response message by matching an expression contained in the input message with an expression stored in a database that contains input expressions and one or more associated output expressions for each input expression;
      
      or parsing the input message into a parameterized regular expression and generating the response message using one or more of the parsed input expressions.
  - 6. The method of claim 1, wherein the act of publicizing the account names includes:
    - populating a user registry of the IM server with one or more of the account names of the virtual IM users.
  - 7. The method of claim 1 further comprising:
    - blocking any message sent by the identified source of malware.
  - 8. The method of claim 1 further comprising:
    - storing, into a database, the account name of identified source of malware.
  - 9. The method of claim 8 further comprising:
    - blocking any message that is sent by a user of the IM server having an identical or similar account name with any account names stored in the database as sources of malware.
  - 10. The method of claim 1 further comprising:
    - storing, into a database, a content of a message sent by identified source of malware.
  - 11. The method of claim 10 further comprising:
    - blocking any message that contains an identical or similar content with contents of messages stored in the database as sent by identified source of malware.
  - 12. The method of claim 1 further comprising:
    - storing, into a database, a unique identifier of the identified source of malware.
  - 13. The method of claim 12 further comprising:
    - blocking any message that is sent by a user of the IM server having an identical or similar unique identifier with any unique identifiers stored in the database as sources of malware.

14. A computer-assisted system of reducing the spread of malware in communication between an instant message (IM) client and an IM server, comprising:
- a malware trapping system configured to register one or more virtual IM users with the IM server, wherein each virtual user includes an account name by which one or more users of the IM server are able to communicate with the virtual IM user associated with the account name;
  
  the malware trapping system further configured to cause the account names of the virtual IM users to be illicitly acquired by a source of malware by publicizing the account names of the virtual IM users;
  
  the malware trapping system further configured to identify, the source of malware, when the source of malware sends a message to any one of the virtual IM users.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The system of claim 14, wherein the malware trapping system further comprises:
    - an IM login system configured to log-on to the IM server as one of the registered virtual users; and
      
      the IM login system further configured to make the presence of the logged-on virtual user known to other users of the IM server.
  - 16. The system of claim 15, the malware trapping system further comprises:
    - a chat room access system configured to connect to a chat room and to make the presence of one or more of the virtual IM users known to other members of the chat room.
  - 17. The system of claim 16, wherein the chat room access system is further configured to participate in a dialog with other members of the chat room by automatically responding to a input message.
  - 18. The system of claim 16, wherein the chat room access system is further configured to generate a response message by matching an expression contained in the input message with an expression stored in a database that contains input expressions and one or more associated output expressions for each input expression.
  - 19. The system of claim 14, wherein the malware trapping system further comprises:
    - an IM server registry populating system configured to populate a user registry of the IM server with one or more of the account names of the virtual IM users.
  - 20. The system of claim 14 further comprising:
    - an IM filter module coupled to the malware trapping system and configured to block any message sent by the identified source of malware.
  - 21. The system of claim 14 further comprising:
    - a database configured to store unique identifiers of sources of malware.
  - 22. The system of claim 21 further comprising:
    - an IM filter module coupled to the malware trapping system and configured to block any message that is sent by a user of the IM server having an identical or similar unique identifier with any unique identifiers stored in the database as sources of malware.

23. A computer program product, residing on a computer-readable medium, the computer program product comprising computer instructions for configuring a computer to perform the acts of:
- registering one or more virtual IM users with the IM server, wherein each virtual IM user includes an account name by which one or more users of the IM server are able to communicate with the virtual IM user associated with the account name;
  
  causing the account names of the virtual IM users to be illicitly acquired by a source of malware by publicizing the account names of the virtual IM users; and
  
  identifying, the source of malware, when the source of malware sends a message to any one of the virtual IM users.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The product of claim 23, wherein the instructions for the act of publicizing the account names further includes instructions to perform acts of:
    - logging-on to the IM server; and
      
      making the presence of one or more of the virtual IM users known to other users of the IM server.
  - 25. The product of claim 23, wherein the instructions for the act of publicizing the account names further includes instructions to perform acts of:
    - connecting to a chat room; and
      
      making the presence of one or more of the virtual IM users known to other members of the chat room.
  - 26. The product of claim 25, wherein the instructions for the act of automatically responding further includes instructions to perform acts of:
    - participating in a dialog with the other members of the chat room by automatically responding to an input message.
  - 27. The product of claim 26, wherein the instructions for the act of publicizing the account names further includes instructions to perform acts of:
    - generating a response message by matching an expression contained in the input message with an expression stored in a database that contains input expressions and one or more associated output expressions for each input expression;
      
      or parsing the input message into a parameterized regular expression and generating the response message using one or more of the parsed input expressions.
  - 28. The product of claim 23, wherein the instructions for the act of publicizing the account names further includes instructions to perform acts of:
    - populating a user registry of the IM server with one or more of the account names of the virtual IM users.
  - 29. The product of claim 23 further including instructions to perform acts of:
    - blocking any message sent by the identified source of malware.
  - 30. The product of claim 23 further including instructions to perform acts of:
    - storing, into a database, a content of a message sent by identified source of malware.
  - 31. The product of claim 30 further including instructions to perform acts of:
    - blocking any message that contains an identical or similar content with contents of messages stored in the database as sent by identified source of malware.
  - 32. The product of claim 23 further including instructions to perform acts of:
    - storing, into a database, a unique identifier of the identified source of malware.
  - 33. The product of claim 32 further including instructions to perform acts of:
    - blocking any message that is sent by a user of the IM server having an identical or similar unique identifier with any unique identifiers stored in the database as sources of malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Imiogic Incorporated
Inventors
Shah, Milan, Roychowdhary, Anandamoy, Sakoda, Jon, Lorenzo, Eric, Gilliland, Arthur, Desouza, Francis

Granted Patent

US 7,822,818 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/12
CPC Class Codes

H04L 51/04   Real-time or near real-time...

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1425   Traffic logging, e.g. anoma...

Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using automated IM users

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using automated IM users

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links