
Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by analyzing message traffic patterns

  • US 7,823,200 B2
  • Filed: 07/01/2005
  • Issued: 10/26/2010
  • Est. Priority Date: 07/01/2005
  • Status: Expired due to Fees
First Claim

1. A computer-assisted method of reducing the spread of malware in an instant message (IM) system, comprising:

  • using a computer configured to execute method steps comprising:

    examining incoming messages from an IM server to an IM client;

    examining outgoing messages from the IM client to the IM server;

    analyzing a relationship among the incoming and outgoing messages;

    generating a plurality of virtual users with virtual IM accounts containing fictitious information, the fictitious information tailored to entice malware operators to communicate with the virtual users;

    sending one or more messages to the IM client via the virtual IM accounts to elicit return messages from a particular type of malware operator, the particular type being one that observes whether IM accounts are passive or active and sends return messages only to active IM accounts that have previously sent messages;

    comparing the incoming and outgoing messages with a database of information stored about likely malware messages that were sent to virtual users, the information about a likely malware message stored in the database including a confidence level indicating the likelihood of the message being a malware message; and

    determining whether one or more messages contain malware based on the analysis of the relationship among the incoming and outgoing messages and based on the comparison with the database of information stored about likely malware messages that were sent to virtual users.

  • 3 Assignments