Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using fictitious buddies
Abstract
Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to intercept a buddy list sent from an IM server to an IM client, add one or more fictitious buddies to the intercepted buddy list, and forward the buddy list with the one or more fictitious buddies to the IM client. The IM FM is further configured to identify a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies and to determine that the host computer of the IM client is a source of malware if a content of the messages sent to the at least one of the fictitious buddies contains malware.
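The flow in the abstract can be modelled in a few lines. The following Python sketch is an added example, not code from the patent: the class and method names, the in-memory state, the generated buddy names and the `scan` callable (a stand-in for a real content scanner) are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class IMFilterModule:
    """Sits between IM client and IM server (hypothetical in-memory model)."""
    scan: Callable[[str], bool]                   # stand-in for a content scanner
    decoys: dict = field(default_factory=dict)    # host -> fictitious buddy ids
    held: dict = field(default_factory=dict)      # host -> messages awaiting confirmation
    malware_sources: set = field(default_factory=set)

    def on_buddy_list(self, host, buddies, count=2):
        """Server -> client: add fictitious buddies, then forward the list."""
        fake = set()
        while len(fake) < count:
            fake.add(f"user_{secrets.token_hex(4)}")
        self.decoys[host] = fake
        return list(buddies) + sorted(fake)

    def on_outbound(self, host, recipient, body):
        """Client -> server: decide what to do with one outgoing message."""
        if recipient not in self.decoys.get(host, ()):
            return "forward"                      # real buddy: pass through
        if self.scan(body):
            self.malware_sources.add(host)        # content itself contains malware
            return "flagged"
        self.held.setdefault(host, []).append((recipient, body))
        return "confirm"                          # ask the user before deciding

    def on_user_answer(self, host, user_sent_it):
        """Apply the user's reply to the confirmation prompt."""
        pending = self.held.pop(host, [])
        if pending and not user_sent_it:
            self.malware_sources.add(host)        # user denies sending: host is a source
        return host in self.malware_sources


def demo():
    # Constructed traffic: something on host-a messages every roster entry.
    fm = IMFilterModule(scan=lambda body: "invoice.scr" in body)
    roster = fm.on_buddy_list("host-a", ["alice", "bob"])
    verdicts = [fm.on_outbound("host-a", b, "hey, look at this") for b in roster]
    return roster, verdicts, fm.on_user_answer("host-a", user_sent_it=False)


if __name__ == "__main__":
    print(demo())
```

A message to a real buddy is never held; only traffic addressed to an injected entry triggers the confirmation step or the content check.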
37 Claims
1. A computer-assisted method of reducing spread of malware in an instant message (IM) system, comprising:
- intercepting a buddy list sent from an IM server to an IM client;
- adding one or more fictitious buddies to the intercepted buddy list;
- forwarding the buddy list with the one or more fictitious buddies to the IM client;
- identifying that a computer that hosts the IM client sent a message to at least one of the fictitious buddies;
- interactively confirming with a user of the IM client whether the user intended to send the message; and
- responsive to the user denying sending the message to the at least one of the fictitious buddies, identifying the host computer of the IM client as a source of malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer-assisted system of reducing spread of malware in an instant message (IM) system, comprising:
- an IM filter module configured to intercept a buddy list sent from an IM server to an IM client, add one or more fictitious buddies to the intercepted buddy list, and forward the buddy list with the one or more fictitious buddies to the IM client; and
- the IM filter module further configured to identify that a computer that hosts the IM client sent a message to at least one of the fictitious buddies, interactively confirm with a user of the IM client whether the user intended to send the message, and identify the host computer of the IM client as a source of malware in response to the user denying sending the message to the at least one of the fictitious buddies.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A computer program product comprising a computer-readable medium storing computer instructions for configuring a computer to perform steps comprising:
- intercepting a buddy list sent from an IM server to an IM client;
- adding one or more fictitious buddies to the intercepted buddy list;
- forwarding the buddy list with the one or more fictitious buddies to the IM client;
- identifying that a computer that hosts the IM client sent a message to at least one of the fictitious buddies;
- interactively confirming with a user of the IM client whether the user intended to send the message; and
- responsive to the user denying sending the message to the at least one of the fictitious buddies, identifying the host computer of the IM client as a source of malware.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
Specification