DETECTING MACHINES COMPROMISED WITH MALWARE
Abstract
A computer system can be configured to identify when it has been infected with or otherwise compromised by malware, such as viruses, worms, etc. In one implementation, a computer system receives and installs one or more decoy contacts in a contact store and further installs one or more malware reporting modules that effectively filter outgoing messages. For example, a malware reporting module can redirect messages with a decoy contact address to an alternate inbox associated with the decoy contact. The same malware reporting module, or another module in the system, can also generate one or more reports indicating the presence of malware, either due to detection of the decoy contact address, or due to identifying messages in the decoy contact inbox. The host computer system that sent the message to the decoy contact can then be flagged as infected with malware.
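The filter, redirect and report flow described in the abstract, as an added Python example that is not taken from the patent. The decoy addresses, host identifier, sample messages and function names are constructed for illustration, and withholding the whole message on a decoy hit is an assumption of this example.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed decoy entries, as they would be planted in the contact store.
DECOY_CONTACTS = {"aa.decoy.two@example.test", "zz.decoy.one@example.test"}

# Constructed sample messages: ordinary mail, and a mass mailing to the address book.
CLEAN = ("From: user@corp.example\nTo: Colleague <colleague@corp.example>\n"
         "Subject: Minutes\n\nNotes attached.\n")
MASS = ("From: user@corp.example\n"
        'To: Colleague <colleague@corp.example>, "Aaron Aardvark" <AA.Decoy.Two@Example.test>\n'
        "Bcc: zz.decoy.one@example.test\nSubject: Check this out\n\nSee attachment.\n")


def recipients(msg):
    """Lower-cased addresses from To, Cc and Bcc, with display names stripped."""
    fields = []
    for header in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(header, []))
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def filter_outgoing(raw_message, host_id, decoy_inbox, reports):
    """Return the message to relay, or None if it was redirected to the decoy inbox."""
    msg = message_from_string(raw_message)
    hits = recipients(msg) & DECOY_CONTACTS
    if not hits:
        return msg  # no decoy addressed: relay unchanged
    # Assumption of this example: the whole message is withheld and redirected.
    decoy_inbox.append(msg)
    reports.append({"host": host_id, "decoys": sorted(hits),
                    "subject": msg.get("Subject", "")})
    return None


def flagged_hosts(reports):
    """Hosts that sent at least one message to a decoy contact."""
    return sorted({r["host"] for r in reports})


if __name__ == "__main__":
    inbox, reports = [], []
    for raw in (CLEAN, MASS):
        filter_outgoing(raw, "host-17", inbox, reports)
    print(reports, flagged_hosts(reports))
```

Matching on the parsed address rather than the raw header text means a decoy is still caught when it appears with a display name, in mixed case, or only in Bcc.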
20 Claims
1. In a computerized environment comprising one or more computer systems having installed thereon one or more messaging applications that send and receive messages to or from one or more contacts, a method of detecting the presence of malware at any of the one or more computer systems using a decoy contact, comprising:
- installing one or more decoy contacts in a contact store used by one or more messaging applications in a host computer system;
- identifying that one or more messages have been sent to any of the one or more decoy contacts from the host computer system; and
- determining that the host computer system has been compromised with one or more malware applications based at least in part on the message to the one or more decoy contacts.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. In a computerized environment comprising one or more computer systems having installed thereon one or more messaging applications configured to send and receive messages to one or more contacts, a method of configuring a computer system to report the presence of a malware application using messages sent to a decoy contact, comprising:
- identifying one or more messaging applications used by a host computer system;
- identifying one or more contact stores that are used by the one or more messaging applications;
- sending one or more messages to add one or more decoy contacts in any of the one or more contact stores, and to install one or more malware reporting modules configured at least in part to filter messages sent to the installed one or more decoy contacts;
- installing one or more alternate inboxes configured to receive messages directed to the corresponding one or more installed decoy contacts; and
- reviewing one or more reports that indicate that a message has been sent to an installed decoy contact.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. In a computerized environment comprising one or more computer systems having installed thereon one or more messaging applications that send and receive messages to or from one or more contacts, a computer program storage product having computer-executable instructions stored thereon that, when executed, cause one or more processors to perform a method comprising:
- installing one or more decoy contacts in a contact store used by one or more messaging applications in a host computer system;
- identifying that one or more messages have been sent to any of the one or more decoy contacts from the host computer system; and
- determining that the host computer system has been compromised with one or more malware applications based at least in part on the message to the one or more decoy contacts.
Specification