OFF-LINE MMS MALWARE SCANNING SYSTEM AND METHOD
Abstract
An Off-Line MMS Malware Scanning System and Method that detects malware in MMS messages without delaying Multimedia Messaging Service (MMS) communications is presented. The system comprises a network traffic scanner that replicates MMS traffic, with the original MMS traffic passing unaffected directly to the receiving mobile device, and a copy of the MMS traffic being routed to a packet reassembler that reconstructs the original MMS message. The reconstructed MMS message is then scanned, and if malware is detected, the receiving mobile device is notified of the presence of malware in the received MMS message. Because the MMS messages are scanned off-line, the flow of MMS traffic to mobile devices is not delayed.
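The out-of-band flow described in the abstract, sketched as an added example that is not part of the patent text. The packet tuple layout `(msg_id, seq, total, recipient, payload)`, the signature table and the shape of the returned action are assumptions made for illustration; the capture is constructed so that the test pattern straddles a fragment boundary, which is why the copy is reassembled before it is scanned.

```python
from collections import defaultdict

# Constructed signature table (name -> byte pattern); not a real malware indicator.
SIGNATURES = {"Test.Sample.A": b"EVIL-TEST-PATTERN"}

def reassemble(copied_packets):
    """Rebuild messages from copied packets, which may arrive out of order.
    Returns {msg_id: (recipient, payload)} for fully captured messages only."""
    frags, meta = defaultdict(dict), {}
    for msg_id, seq, total, recipient, payload in copied_packets:
        frags[msg_id][seq] = payload          # a retransmitted seq simply overwrites
        meta[msg_id] = (total, recipient)
    messages = {}
    for msg_id, parts in frags.items():
        total, recipient = meta[msg_id]
        if set(parts) == set(range(total)):   # skip messages with a missing fragment
            messages[msg_id] = (recipient, b"".join(parts[i] for i in range(total)))
    return messages

def scan(payload):
    """Return the names of all signatures found in a byte string."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def offline_scan(copied_packets):
    """Scan the copy only; the original traffic has already been delivered.
    Returns one mitigation action per infected message, addressed to its recipient."""
    actions = []
    for msg_id, (recipient, payload) in reassemble(copied_packets).items():
        hits = scan(payload)
        if hits:
            actions.append({"device": recipient, "message": msg_id,
                            "action": "notify", "malware": hits})
    return actions

# Constructed capture from the tap: m1 arrives out of order, m3 is incomplete.
CAPTURE = [
    ("m1", 1, 2, "+15550100", b"TEST-PATTERN trailing"),
    ("m2", 0, 1, "+15550101", b"holiday photo bytes"),
    ("m1", 0, 2, "+15550100", b"header EVIL-"),
    ("m3", 0, 2, "+15550102", b"EVIL-TEST-"),
]

if __name__ == "__main__":
    for action in offline_scan(CAPTURE):
        print(action)
```

Because the scan runs on a copy after delivery, the mitigation here is a notification to the identified device rather than a block, and an incompletely captured message (m3) is never scanned.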
20 Claims
1. A malware detection system, comprising:
a network traffic analyzer operably adapted to scan a communications link of a network for a plurality of data packets associated with a communication and create a copy of said plurality of data packets without delaying said communication;
a packet reassembler operably adapted to reconstruct said copy of said plurality of data packets into a reconstructed communication;
a malware detector operably adapted to search for a malware in said reconstructed communication;
a network device identifier operably adapted to identify a network device associated with said communication if said malware is detected in said reconstructed communication by said malware detector; and
a mitigation component operably adapted to trigger, in said network device, a malware mitigating action.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of detecting a malware in a communication in a network, comprising:
scanning a communications link for a plurality of data packets associated with the communication, without delaying said communication;
reassembling said plurality of data packets into a reconstructed communication;
detecting a malware in said reconstructed communication;
identifying a network device associated with said communication; and
triggering a mitigating action in said network device if said detecting detects said malware.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A malware mitigation system, comprising:
means for scanning a communications link to a Multimedia Messaging Services Center to obtain a copy of a Multimedia Message Service communication in a transmission to a network device without delaying said transmission of said Multimedia Message Service communication to said network device;
means for detecting a malware in said copy of said Multimedia Message Service communication; and
means for mitigating said malware in said Multimedia Message Service communication at said network device.
Dependent claims: 20
Specification