MALWARE DETECTION SYSTEM BASED ON STORED DATA
First Claim
1. A malware detection system based on stored data, comprising:
- a messaging system database comprising one or more ofan archive of electronic messages,a contacts list,summary data derived from one or more of said archive of electronic messages and said contacts list;
a message filter coupled to said messaging system database, and configured to receive an electronic message comprising one or more message parts, said message parts comprisinga sender,one or more receivers,a message contents,a subject,one or more attachments,one or more links to web sites,a message thread;
determine whether said electronic message represents a potential threat, based on an analysis ofsaid message parts, andsaid messaging system database;
if said electronic message represents a potential threat, perform one or more of block access to said electronic message or to one or more of said message parts;
transform said electronic message to provide a warning to a user who attempts to access said electronic message or attempts to access one or more of said one or more message parts.
5 Assignments
0 Petitions
Accused Products
Abstract
A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.
-
Citations
2 Claims
-
1. A malware detection system based on stored data, comprising:
-
a messaging system database comprising one or more of an archive of electronic messages, a contacts list, summary data derived from one or more of said archive of electronic messages and said contacts list; a message filter coupled to said messaging system database, and configured to receive an electronic message comprising one or more message parts, said message parts comprising a sender, one or more receivers, a message contents, a subject, one or more attachments, one or more links to web sites, a message thread; determine whether said electronic message represents a potential threat, based on an analysis of said message parts, and said messaging system database; if said electronic message represents a potential threat, perform one or more of block access to said electronic message or to one or more of said message parts; transform said electronic message to provide a warning to a user who attempts to access said electronic message or attempts to access one or more of said one or more message parts.
-
-
2-30. -30. (canceled)
Specification
-
- Resources
-
Current AssigneeMimecast Services Limited (Mimecast Limited)
-
Original AssigneeMimecast Services Limited (Mimecast Limited)
-
InventorsMaylor, Jackie, Tyler, Simon, Bauer, Peter, Benamram, Gilly, Sowden, Paul, Malone, Steven, Van Ry, Wayne, Ribeiro, Francisco
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current
-
CPC Class CodesG06F 21/6245 Protecting personal data, e...H04L 12/4625 Single bridge functionality...H04L 51/046 Interoperability with other...H04L 51/212 using filtering or selectiv...H04L 63/0254 Stateful filteringH04L 63/0281 ProxiesH04L 63/08 for authentication of entit...H04L 63/105 Multiple levels of securityH04L 63/1416 Event detection, e.g. attac...H04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/145 the attack involving the pr...H04L 63/20 for managing network securi...
