Method and system for isolating suspicious email

  • US 7,832,012 B2
  • Filed: 05/17/2005
  • Issued: 11/09/2010
  • Est. Priority Date: 05/19/2004
  • Status: Active Grant
First Claim

1. A method for detecting malicious programs, the method comprising:

  • determining whether an object is suspicious;

  • opening, in response to determining that the object is suspicious, the suspicious object in a disposable, secure, single purpose virtual machine (VM) session running on a computer system; and

  • detecting indications of malicious behavior when the suspicious object is opened within the VM session, the detecting of the indications of the malicious behavior comprising:

      • taking a first snapshot of one or more system features of the VM session prior to opening the object in the VM session;

      • taking a second snapshot of the one or more system features of the VM session after the opening of the object in the VM session; and

      • comparing the first snapshot with the second snapshot to detect indications of the malicious programs within the VM session.
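
The two-snapshot comparison recited in the claim, sketched as an added example (it is not code from the patent). It assumes a temporary directory standing in for the disposable VM session and file hashes standing in for the "system features"; `WATCHED`, `analyze` and `constructed_sample` are hypothetical names.

```python
import hashlib
import os
import tempfile

# Assumed watch list: path prefixes where any change counts as an indication.
WATCHED = ("startup/", "etc/hosts")

def take_snapshot(root):
    """Return {relative_path: sha256} for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                snap[rel] = hashlib.sha256(fh.read()).hexdigest()
    return snap

def compare_snapshots(first, second):
    """Diff two snapshots and flag changes that touch watched locations."""
    added = sorted(second.keys() - first.keys())
    removed = sorted(first.keys() - second.keys())
    modified = sorted(p for p in first.keys() & second.keys() if first[p] != second[p])
    indications = [p for p in added + removed + modified if p.startswith(WATCHED)]
    return {"added": added, "removed": removed, "modified": modified,
            "indications": sorted(indications)}

def analyze(open_object):
    """Build a throwaway session, snapshot, open the object, snapshot, compare."""
    with tempfile.TemporaryDirectory() as root:  # session is discarded on exit
        for rel, data in {"etc/hosts": b"127.0.0.1 localhost\n",
                          "docs/readme.txt": b"hello\n"}.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        first = take_snapshot(root)    # first snapshot: before opening
        open_object(root)              # open the object inside the session
        second = take_snapshot(root)   # second snapshot: after opening
    return compare_snapshots(first, second)

def constructed_sample(root):
    """Constructed stand-in for opening an object: it only edits test files."""
    os.makedirs(os.path.join(root, "startup"), exist_ok=True)
    with open(os.path.join(root, "startup", "run.txt"), "wb") as fh:
        fh.write(b"placeholder\n")
    with open(os.path.join(root, "etc", "hosts"), "ab") as fh:
        fh.write(b"# changed\n")
    os.remove(os.path.join(root, "docs", "readme.txt"))
```

Calling `analyze(constructed_sample)` reports the added, removed and modified paths and lists the watched ones under `indications`; an object that changes nothing yields empty lists.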
