SYSTEMS AND METHODS TO DETECT MALICIOUS MEDIA FILES
Abstract
Systems and methods to detect malicious media files are described. In one example, an apparatus including a network connection, a memory, and a programmable processor communicatively coupled to the memory is discussed. The memory can include instructions which, when executed by the programmable processor, cause the apparatus to receive a data stream from the network connection and detect at least a portion of a media file within the data stream. The instructions can also cause the apparatus to determine a file type of the media file and extract the media file from the data stream. Further, the instructions cause the apparatus to parse the media file to locate a suspicious tag, extract an embedded URL from the suspicious tag, determine whether the embedded URL is malicious, and block the media file if the embedded URL is malicious.
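The steps in the abstract, from file-type determination to the block decision, sketched as an added example (not code from the patent or its assignee). It assumes the media file has already been extracted from the stream and uses MP3 ID3v2 URL-link frames as the per-type tag set, since the page names no formats; the blocklist host and the `make_sample` helper are constructed for illustration.

```python
import struct
from urllib.parse import urlparse
# Assumed per-type tag sets: the page names no formats, so ID3v2 URL-link
# frames (MP3) stand in as one real instance of "tags vary by file type".
SUSPICIOUS_TAGS = {"mp3-id3v2": {"WXXX", "WOAF", "WOAR", "WCOM"}}
BLOCKLIST = {"bad.example"}  # constructed stand-in for the URL database

def file_type(head):
    """Determine the file type from the first bytes of the detected portion."""
    return "mp3-id3v2" if head[:3] == b"ID3" and len(head) >= 10 else None

def synchsafe(b):
    """Decode a 28-bit synchsafe integer (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def embedded_urls(data, ftype):
    """Walk ID3v2.3/2.4 frames; yield (tag, url) for tags in the type's set."""
    tags = SUSPICIOUS_TAGS.get(ftype, set())
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos = 10
    while pos + 10 <= end:
        fid, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        size = synchsafe(raw) if data[3] == 4 else struct.unpack(">I", raw)[0]
        if fid == b"\0\0\0\0" or size == 0 or pos + 10 + size > end:
            break  # padding reached, or a truncated/malformed frame
        body = data[pos + 10:pos + 10 + size]
        if fid.decode("latin-1") in tags:
            # URL is the last NUL-free run (WXXX puts encoding + description first)
            url = body.rstrip(b"\0").rsplit(b"\0", 1)[-1]
            yield fid.decode("latin-1"), url.decode("latin-1")
        pos += 10 + size

def verdict(media):
    """Return 'block' if any suspicious tag carries a blocklisted host."""
    ftype = file_type(media[:10])
    if ftype is None:
        return "pass"  # not a media type this sketch parses
    for _tag, url in embedded_urls(media, ftype):
        if (urlparse(url).hostname or "").lower() in BLOCKLIST:
            return "block"
    return "pass"

def make_sample(url):
    """Build a constructed ID3v2.3 tag: one TIT2 frame and one WXXX frame."""
    def frame(fid, body):
        return fid + struct.pack(">I", len(body)) + b"\0\0" + body
    frames = frame(b"TIT2", b"\0song") + frame(b"WXXX", b"\0site\0" + url)
    size = bytes((len(frames) >> s) & 127 for s in (21, 14, 7, 0))
    return b"ID3\x03\x00\x00" + size + frames
```

The title frame (`TIT2`) is skipped because it is not in the tag set for this file type; only the URL-link frame is inspected.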
20 Claims
1. An apparatus comprising:
a network connection;
a memory including instructions stored thereon; and
a programmable processor communicatively coupled to the memory, wherein the instructions, when executed by the programmable processor, cause the programmable processor to:
receive a data stream from the network connection;
detect, within the data stream, at least a portion of a media file;
determine a file type of the media file from the detected portion of the media file;
extract the media file from the data stream received from the network connection;
parse the media file to locate a suspicious tag, wherein the suspicious tag is part of a set of tags and wherein the set of tags vary as a function of file type;
extract an embedded uniform resource locator (URL) from the suspicious tag;
determine whether the embedded URL is malicious; and
block the media file if the embedded URL is malicious.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method comprising:
receiving data from an incoming network connection;
detecting, within the data, at least a portion of a media file;
determining a file type of the media file from the detected portion of the media file;
extracting the media file from the data received from the incoming network connection;
parsing the media file to locate a suspicious tag, wherein the suspicious tag is part of a set of tags and wherein the set of tags vary as a function of file type;
extracting an embedded uniform resource locator (URL) from the suspicious tag;
determining whether the embedded URL is malicious; and
blocking the media file if the embedded URL is malicious.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system comprising:
a local network;
a database including data related to potentially malicious URLs; and
a computer communicatively coupled to the database, the computer including:
a network interface connecting the computer to the local network;
a memory containing instructions; and
one or more processors communicatively coupled to the memory, wherein the instructions, when executed by the one or more processors, cause the computer to:
monitor data transferred over the network through the network interface;
detect, within the data transferred over the network, at least a portion of a media file;
divert the media file into the memory;
determine a file type of the media file from the detected portion of the media file;
parse the media file to locate suspicious tags, wherein the suspicious tags are part of a set of tags and wherein the set of tags vary as a function of file type;
extract an embedded uniform resource locator (URL) from a suspicious tag;
determine whether the embedded URL is malicious; and
discard the media file if the embedded URL is malicious.
Dependent claims: 16, 17, 18, 19, 20
Specification