Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using fictitious buddies
First Claim
1. A computer-assisted method of reducing the spread of malware in an instant message (IM) system, comprising:
- intercepting a buddy list sent from an IM server to an IM client;
adding one or more fictitious buddies to the intercepted buddy list;
forwarding the buddy list with the one or more fictitious buddies to the IM client; and
identifying a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to intercept a buddy list sent from an IM server to an IM client, add one or more fictitious buddies to the intercepted buddy list, and forward the buddy list with the one or more fictitious buddies to the IM client. The IM FM is further configured to identify a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies and to determine that the host computer of the IM client is a source of malware if a content of the messages sent to the at least one of the fictitious buddies contains malware.
61 Citations
40 Claims
-
1. A computer-assisted method of reducing the spread of malware in an instant message (IM) system, comprising:
-
intercepting a buddy list sent from an IM server to an IM client;
adding one or more fictitious buddies to the intercepted buddy list;
forwarding the buddy list with the one or more fictitious buddies to the IM client; and
identifying a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
2. The method of clam 1, wherein the act of identifying the host computer of the IM client as a source of malware further comprising:
determining that the host computer of the IM client is a source of malware if a content of the messages sent to the at least one of the fictitious buddies contains malware.
-
15. A computer-assisted system of reducing the spread of malware in an instant message (IM) system, comprising:
-
an IM filter module configured to intercept a buddy list sent from an IM server to an IM client, add one or more fictitious buddies to the intercepted buddy list, and forward the buddy list with the one or more fictitious buddies to the IM client; and
the IM filter module further configured to identify a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A computer program product, residing on a computer-readable medium, the computer program product comprising computer instructions for configuring a computer to perform the acts of:
-
intercepting a buddy list sent from an IM server to an IM client;
adding one or more fictitious buddies to the intercepted buddy list;
forwarding the buddy list with the one or more fictitious buddies to the IM client; and
identifying a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification