OFF-LINE MMS MALWARE SCANNING SYSTEM AND METHOD

US 20080196104A1
Filed: 02/11/2008
Published: 08/14/2008
Est. Priority Date: 02/09/2007
Status: Abandoned Application

First Claim

Patent Images

1. A malware detection system, comprising:

a network traffic analyzer operably adapted to scan a communications link of a network for a plurality of data packets associated with a communication and create a copy of said plurality of data packets without delaying said communication;

a packet reassembler operably adapted to reconstruct said copy of said plurality of data packets into a reconstructed communication;

a malware detector operably adapted to search for a malware in said reconstructed communication;

a network device identifier operably adapted to identify a network device associated with said communication if said malware is detected in said reconstructed communication by said malware detector; and

a mitigation component operably adapted to trigger, in said network device, a malware mitigating action.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Off-Line MMS Malware Scanning System and Method that detects malware in MMS messages without delaying Multimedia Messaging Service (MMS) communications is presented. The system comprises a network traffic scanner that replicates MMS traffic, with the original MMS traffic passing unaffected directly to the receiving mobile device, and a copy of the MMS traffic being routed to a packet reassembler that reconstructs the original MMS message. The reconstructed MMS message is then scanned, and if malware is detected, the receiving mobile device is notified of the presence of malware in the received MMS message. Because the MMS messages are scanned off-line, the flow of MMS traffic to mobile devices is not delayed.

337 Citations

20 Claims

1. A malware detection system, comprising:
- a network traffic analyzer operably adapted to scan a communications link of a network for a plurality of data packets associated with a communication and create a copy of said plurality of data packets without delaying said communication;
  
  a packet reassembler operably adapted to reconstruct said copy of said plurality of data packets into a reconstructed communication;
  
  a malware detector operably adapted to search for a malware in said reconstructed communication;
  
  a network device identifier operably adapted to identify a network device associated with said communication if said malware is detected in said reconstructed communication by said malware detector; and
  
  a mitigation component operably adapted to trigger, in said network device, a malware mitigating action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The malware detection system of claim 1, said network device selected from the group consisting of a mobile phone, an MMS enabled mobile phone, a BlueTooth enabled mobile device, a WiFi enabled mobile device, an IEEE 802.x enabled mobile device, a collection agent, a network traffic analyzer, a firewall, a network switch, a network router, a gateway, a network management system, and an OAM&
    - P network management system.
  - 3. The malware detection system of claim 1, said mitigation component notifies a user of said network device of said malware in said communication and enabling said user to perform said mitigating action.
  - 4. The malware detection system of claim 1, said mitigating action selected from the group consisting of a generating of an alert to said network device, direction of an update of a scanner software of said network device, selective filtering of communications from said network device, disablement of a data connection of said network device.
  - 5. The malware detection system of claim 1, said mitigation component performs a preventative action in said network, said preventative action selected from the group consisting of generation of an alert for transmission to a plurality of mobile devices, direction of an update of scanner software of said plurality of mobile devices, and disablement of a data connection.
  - 6. The malware detection system of claim 1, said malware mitigating action occurring at an interval selected from the group consisting of a time just prior to said communication arriving in said network device, a time approximately concurrent with said communication arriving in said network device, and a time just after said communication arrives in said network device.
  - 7. The malware detection system of claim 1, said malware mitigation action performed on said communication, and said malware mitigation action selected from the group consisting of deleting of said communication, quarantining said communication, preventing said communication from being opened, and marking said communication.
  - 8. The malware detection system of claim 1, said communication is a Multimedia Messaging Service communication.
  - 9. The malware detection system of claim 1, said communications link is a communications link to a Multimedia Messaging Services Center.

10. A method of detecting a malware in a communication in a network, comprising:
- scanning a communications link for a plurality of data packets associated with the communication, without delaying said communication;
  
  reassembling said plurality of data packets into a reconstructed communication;
  
  detecting a malware in said reconstructed communication;
  
  identifying a network device associated with said communication; and
  
  triggering a mitigating action in said network device if said detecting detects said malware.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, said malware mitigation action selected from the group consisting of deleting of said communication, quarantining said communication, preventing said communication from being opened, and marking said communication.
  - 12. The method of claim 10, said further comprising:
    - notifying said network device of said malware in said communication.
  - 13. The method of claim 10, wherein said network device is a mobile device and further comprising:
    - notifying a user of said mobile device of said malware in said communication.
  - 14. The method of claim 13, further comprising:
    - requesting said user to perform said mitigating action.
  - 15. The method of claim 10, said mitigating action selected from the group consisting of a generating of an alert to said network device, direction of an update of a scanner software of said network device, selective filtering of communications from said network device, disablement of a data connection of said network device.
  - 16. The method of claim 10, further comprising:
    - performing a preventative measure in the network to prevent said malware from spreading.
  - 17. The method of claim 16, said preventative measure selected from the group consisting of updating a firewall associated with the mobile network based at least in part on said malware, directing a network analyzer to intercept data packets for malware scanning based at least in part on said malware, updating a network malware scanning algorithm based at least in part on said malware, and updating a malware scanning algorithm of a mobile device based at least in part on said malware.
  - 18. The method of claim 10, said communications link is a communications link to a Multimedia Messaging Services Center, and said communications is a Multimedia Message Service communications.

19. A malware mitigation system, comprising:
- means for scanning a communications link to a Multimedia Messaging Services Center to obtain a copy of a Multimedia Message Service communication in a transmission to a network device without delaying said transmission of said Multimedia Message Service communication to said network device;
  
  means for detecting a malware in said copy of said Multimedia Message Service communication; and
  
  means for mitigating said malware in said Multimedia Message Service communication at said network device.
- View Dependent Claims (20)
- - 20. The malware mitigation system of claim 19, said network device is a mobile phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Tuvell, George, Jiang, Chunyu, Bhardwaj, Shantaru

Application Number

US12/029,451
Publication Number

US 20080196104A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/58   Message adaptation for wire...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1491   using deception as counterm...

H04L 65/765   intermediate

H04W 12/128   Anti-malware arrangements, ...

H04W 4/12   Messaging; Mailboxes; Annou...

OFF-LINE MMS MALWARE SCANNING SYSTEM AND METHOD

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

337 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

OFF-LINE MMS MALWARE SCANNING SYSTEM AND METHOD

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

337 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others