INTRUSION PREVENTION AND REMEDY SYSTEM
Abstract
According to one embodiment, a computerized method is directed to neutralizing callback malware. This method involves intercepting an incoming message from a remote source directed to a compromised endpoint device. Next, a first portion of information within the incoming message is substituted with a second portion of information. The second portion of information is designed to mitigate operability of the callback malware. Thereafter, the modified incoming message, which includes the second portion of the information, is returned to the compromised endpoint device.
27 Claims
1. A computerized method, comprising:
- intercepting an incoming message from a remote source directed to an endpoint device, the endpoint device being detected as including a callback malware;
- substituting a first portion of information within the incoming message with a second portion of information, the second portion of information mitigates operability of the callback malware; and
- returning the incoming message including the second portion of the information to the endpoint device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A computerized method comprising:
- scanning memory of an endpoint device;
- performing virtual analysis on information obtained from the scanned memory to (1) determine that the information is callback malware and (2) generate callback check information corresponding to the callback malware;
- in response to a malicious callback session being detected based on the callback check information, intercepting an incoming message from a remote source directed to the endpoint device of the one or more endpoint devices, the incoming message being a response to a callback message from the endpoint device, substituting a first portion of information within the incoming message with a second portion of information, the second portion of information mitigates operability of the callback malware, and returning the incoming message including the second portion of the information to the endpoint device.

Dependent claims: 19

20. A system comprising:
- an interface to receive an incoming message from a remote source directed to an endpoint device, the endpoint device being previously detected as including a callback malware; and
- a first analysis engine in communication with the interface, the first analysis engine to (i) intercept the incoming message, (ii) substitute a first portion of information within the incoming message with a second portion of information where the second portion of information mitigates operability of the callback malware, and (iii) return the incoming message including the second portion of the information to the endpoint device.

Dependent claims: 21, 22, 23, 24, 25, 26, 27
Specification