System and method for malicious software detection in multiple protocols

  • US 8,321,936 B1
  • Filed: 05/30/2008
  • Issued: 11/27/2012
  • Est. Priority Date: 05/30/2007
  • Status: Active Grant
First Claim

1. An apparatus for identifying malicious content associated with an electronic message specifying a destination computing device, the apparatus comprising:

    a processor;

    a filtering module stored on a memory and executable by the processor, the filtering module for receiving the electronic message and content associated with the electronic message, determining whether the electronic message and the content associated with the electronic message include content known to be malicious by comparing the electronic message and the content associated with the electronic message with a database of content determined to be malicious and parsing the electronic message and the content associated with the electronic message into a plurality of components, the plurality of components including uniform resource locators that are formatted as plain text;

    a network access module stored on the memory and executable by the processor, the network access module adapted to communicate with the filtering module, the network access module identifying a destination associated with the electronic message and the plurality of components;

    a virtual machine stored on the memory and executable by the processor, the virtual machine adapted to communicate with the network access module, the virtual machine executing the plurality of components in an environment simulating a destination computing device environment, monitoring execution of the plurality of components for one or more malicious actions, generating a classification result associated with the electronic message and content associated with the electronic message responsive to monitoring execution of the plurality of components, storing a description of the electronic message and content associated with the electronic message in the database responsive to the classification result indicating the electronic message or content associated with the electronic message is malicious and modifying filtering rules for identifying the content known to be malicious based at least in part on the classification result;

    an administration module stored on the memory and executable by the processor, the administration module adapted to communicate with the network access module for performing an action on the electronic message and content associated with the electronic message responsive to the classification result; and

    a reporting module adapted to communicate with the administration module, the reporting module for appending a flag to the electronic message responsive to the electronic message or content associated with the electronic message including malicious content.

  • 7 Assignments