System and Method for Enhanced Malware Detection

US 20080155696A1
Filed: 12/18/2007
Published: 06/26/2008
Est. Priority Date: 12/22/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling malware within a wireless ecosystem, comprising:

receiving a plurality of messages passing through a wireless ecosystem, the messages being considered received messages;

performing one or more analytic steps on the received messages within a Message Evaluation Framework;

generating one or more indicators in view of results of the analytic steps;

generating one or more events in view of the indicators and a list of previously defined events; and

disposing of the received messages consistent with the generated events.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service that leverages a flexible, extensible, and dynamically configurable Message Evaluation Framework to provide comprehensive malware detection and optional malware elimination capabilities within established wireless messaging paradigms such as, possibly inter alia, Multimedia Message Service, Wireless Application Protocol, and IP Multimedia Subsystem. The service may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.

24 Citations

View as Search Results

20 Claims

1. A method for controlling malware within a wireless ecosystem, comprising:
- receiving a plurality of messages passing through a wireless ecosystem, the messages being considered received messages;
  
  performing one or more analytic steps on the received messages within a Message Evaluation Framework;
  
  generating one or more indicators in view of results of the analytic steps;
  
  generating one or more events in view of the indicators and a list of previously defined events; and
  
  disposing of the received messages consistent with the generated events.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein elements of one or more of (a) the received messages, (b) results of the analytic steps, (c) the indicators, (d) the events, and/or (e) disposition of the received messages are preserved in a repository.
  - 3. The method of claim 1, wherein a received message that is identified as containing malware result in one or more of (a) the dropping of the received message, (b) the quarantine of the received message, (c) the cleansing of the received message, (d) the generation of one or more alert messages, and/or (e) the generation of one or more lower-level protocol actions.
  - 4. The method of claim 3, wherein the cleansing operation comprises replacing content considered malware with Phantom Content.
  - 5. The method of claim 3, wherein an alert message is one or more of (a) a Short Message Service message and/or (b) a Multimedia Message Service message.
  - 6. The method of claim 1, wherein the Message Evaluation Framework supports one or more of (a) a dynamic catalog of Mobile Malware Signature Files, (b) a Mobile Malware Signature File normalization facility, and/or (c) sensitivity factors.
  - 7. The method of claim 6, wherein the sensitivity factor is employed to calculate a probability of whether a given received message contains malware.
  - 8. The method of claim 6, wherein a sensitivity factor is based on one or more of (a) source address, (b) frequency count, (c) time of day, (d) day of week, and/or (e) source carrier.
  - 9. The method of claim 8, wherein the frequency count is determined through a sliding window.
  - 10. The method of claim 8, wherein a weighting factor is maintained for an element of a sensitivity factor.

11. A method for detecting messages containing malware traversing a wireless network, comprising:
- intercepting a message at a messaging inter-carrier vendor (MICV) that was sent over a wireless network; and
  
  passing the message to an application server that is in communication with a database, and calculating by the application server a probability that the message contains malware,wherein the calculating comprises analyzing the content the message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising comparing portions of the message to a plurality of mobile malware signature files.
  - 13. The method of claim 12, wherein the plurality of mobile malware signature files are generated based on one or more of publicly available freeware, shareware or open source commercial sources.
  - 14. The method of claim 13, wherein a mobile malware signature file comprises a binary pattern.
  - 15. The method of claim 11, further comprising identifying a portion of the content as malware.
  - 16. The method of claim 15, further comprising replacing the portion of the content with phantom content.
  - 17. The method of claim 16, wherein the phantom content includes an information element unrelated to the now-excised content.
  - 18. The method of claim 16, further comprising sending the message with the phantom content back to the application for re-calculation of a probability that the message with the phantom content contains malware.
  - 19. The method of claim 16, further comprising generating and sending an MM4 negative acknowledgement message in view of an instance of detected malware in the message.
  - 20. The method of claim 11, wherein the message is a multimedia message service (MMS) message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sybase 365 Incorporated (SAP SE)
Original Assignee
Sybase 365 Incorporated (SAP SE)
Inventors
Dudley, William H., Lovell, Robert C.

Application Number

US11/958,759
Publication Number

US 20080155696A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/568   eliminating virus, restorin...

G06F 2221/2151   Time stamp

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/128   Anti-malware arrangements, ...

System and Method for Enhanced Malware Detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and Method for Enhanced Malware Detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others