Computer virus protection

US 8,769,258 B2
Filed: 05/26/2011
Issued: 07/01/2014
Est. Priority Date: 06/22/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, at a computing device, a message containing an attachment comprising an executable code;

comparing, by the computing device, a type of the attachment to one or more lists of attachment types;

if the type of the attachment is not in the one or more lists, converting, by the computing device, the executable code from an executable format to a non-executable format, such that the executable code is rendered inoperable, using an application-level process that retains semantic content of the message; and

forwarding the attachment containing the non-executable format from the computing device to a target recipient of the message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network is protected from e-mail viruses through the use of a sacrificial server. Any executable programs or other suspicious parts of incoming e-mail messages are forwarded to a sacrificial server, where they are converted to non-executable format such as Adobe Acrobat PDF and sent to the recipient. The sacrificial server is then checked for virus activity. After the execution is completed, the sacrificial server is rebooted.

Citations

37 Claims

1. A method comprising:
- receiving, at a computing device, a message containing an attachment comprising an executable code;
  
  comparing, by the computing device, a type of the attachment to one or more lists of attachment types;
  
  if the type of the attachment is not in the one or more lists, converting, by the computing device, the executable code from an executable format to a non-executable format, such that the executable code is rendered inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the attachment containing the non-executable format from the computing device to a target recipient of the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the one or more lists of attachment types include a list of approved attachment types and a list of disapproved attachment types.
  - 3. The method of claim 2, further comprising:
    - determining whether the type of the attachment is in the list of approved attachment types; and
      
      if the type of the attachment is not in the list of approved attachment types, determining whether the type of the attachment is in the list of disapproved attachment types.
  - 4. The method of claim 3, further comprising:
    - if the type of the attachment is in the list of disapproved attachment types, informing the target recipient that a message containing a disapproved attachment has been received.
  - 5. The method claim 3, further comprising:
    - if the type of the attachment is in the list of approved attachment types;
      
      generating an encrypted authentication identifier for the executable code;
      
      comparing the encrypted authentication identifier to a list of approved executable codes; and
      
      forwarding the attachment containing the executable code to the target recipient, if the encrypted authentication identifier is in the list of approved executable codes.
  - 6. The method of claim 5, further comprising:
    - if the encrypted authentication identifier is not in the list of approved executable codes, converting the executable code from the executable format to the non-executable format, such that the executable code is rendered inoperable.
  - 7. The method of claim 1, wherein the converting comprises:
    - forwarding the executable code to a sacrificial server to convert the executable code from the executable format to the non-executable format; and
      
      receiving, from the sacrificial server, the non-executable format.
  - 8. The method claim 7, wherein the converting further comprises:
    - disconnecting a data link to the sacrificial server after the forwarding the executable code to the sacrificial server; and
      
      establishing the data link to the sacrificial server before the receiving the non-executable format from the sacrificial server.
  - 9. The method of claim 8, wherein communications with the sacrificial server are authenticated using a challenge and response technique.
  - 10. The method of claim 7, wherein the attachment contains a virus and the converting further comprises:
    - examining the sacrificial server for virus activity; and
      
      rebooting the sacrificial server from a safe copy of an operating system obtained from a read-only device.
  - 11. The method of claim 1, wherein the message is an e-mail message.
  - 12. The method of claim 1, wherein the executable code is at least one of compiled code, interpretive code, and markup language code.
  - 13. The method of claim 1, wherein the non-executable format is an image format.
  - 14. The method of claim 1, wherein the converting the executable code comprises:
    - forming a first copy and a second copy of at least a portion of the message containing the executable code;
      
      executing the executable code in the first copy but not the second copy; and
      
      comparing the first copy to the second copy to determine an effect of the executable code, after the executable code in the first copy has been executed.
  - 15. The method of claim 1, further comprising:
    - before the comparing a type of the attachment to one or more lists of attachment types, archiving the message and the attachment and removing address data from the message.
  - 16. The method of claim 1, further comprising:
    - converting an executable code contained in a body of the message from an executable format to a non-executable format, such that the executable code contained in the body of the message is rendered inoperable.
  - 17. The method of claim 16, wherein the executable code contained in the body of the message comprises one of a hypertext link and an e-mail address and the converting an executable code contained in the body of the message comprises deactivating one of the hypertext link and the e-mail address.

18. A non-transitory computer readable storage medium having instructions stored thereon that, upon execution by a computing device, cause the computing device to perform operations comprising:
- receiving a message containing an attachment comprising an executable code;
  
  comparing a type of the attachment to one or more lists of attachment types;
  
  converting the executable code from an executable format to a non-executable format if the type of the attachment is not in the one or more lists, such that the executable code is rendered inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the attachment containing the non-executable format to a target recipient of the message.

19. A method for protecting a user on a network from accessing a malicious website, the method comprising:
- receiving, at a computing device, a message containing a hypertext link;
  
  deactivating, by the computing device, the hypertext link such that the hypertext link is inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the message containing the deactivated hypertext link from the computing device to a target recipient.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, wherein the deactivated hypertext link is identifiable as a hypertext link.
  - 21. The method of claim 19, wherein the message is an e-mail message.
  - 22. The method of claim 19, wherein the deactivating comprises:
    - forwarding the message to a sacrificial server to deactivate the hypertext link; and
      
      receiving, from the sacrificial server, the message containing the deactivated hypertext link.

23. A non-transitory computer readable storage medium having instructions stored thereon that, upon execution by a computing device, cause the computing device to perform operations comprising:
- receiving a message containing a hypertext link;
  
  deactivating the hypertext link such that the hypertext link is inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the message containing the deactivated hypertext link to a target recipient.

24. A method comprising:
- receiving, at a computing device, a message containing a code;
  
  determining, by the computing device, whether the code is an approved code;
  
  if the code is an unapproved code, converting, by the computing device, the code to a non-executable format, such that the code is rendered inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the non-executable format over a network from the computing device to a target recipient of the message.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The method of claim 24, wherein the code comprise a macro, a complied program, an interpretive code, a script, batch language, or a markup language code.
  - 26. The method of claim 24, wherein the code is enclosed in an attachment of the message, a body of the message, or a combination thereof, and the method further comprises:
    - identifying the code by inspecting the attachment, the body of the message, or both the attachment and the body of the message.
  - 27. The method of claim 26, wherein a non-executable data portion of the attachment or the body of the message is changed or updated interactively.
  - 28. The method of claim 24, further comprising:
    - if the code is an approved code, forwarding the code over the network to the target recipient of the message.
  - 29. The method of claim 24, further comprising:
    - generating an encrypted authentication identifier for the code; and
      
      comparing the encrypted authentication identifier to a list of approved codes.
  - 30. The method of claim 24, wherein the converting comprises:
    - forwarding the code to a sacrificial server to convert the code from an executable format to a non-executable format; and
      
      receiving, from the sacrificial server, the non-executable format.
  - 31. The method claim 30, wherein the converting further comprises:
    - disconnecting a data link to the sacrificial server after the forwarding the code to the sacrificial server; and
      
      establishing the data link to the sacrificial server before the receiving the non-executable format from the sacrificial server.
  - 32. The method of claim 31, wherein communications with the sacrificial server are authenticated using a challenge and response technique.
  - 33. The method of claim 30, wherein the converting further comprises:
    - examining the sacrificial server for virus activity; and
      
      rebooting the sacrificial server from a safe copy of an operating system obtained from a read-only device.

34. A non-transitory computer readable storage medium having instructions stored thereon that, upon execution by a computing device, cause the computing device to perform operations comprising:
- receiving a message containing a code;
  
  determining whether the code is an approved code;
  
  if the code is an unapproved code, converting the code to a non-executable format, such that the code is rendered inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the non-executable format over a network to a target recipient of the message.

35. A method comprising:
- receiving, at a computing device, a message containing an attachment comprising an executable code;
  
  comparing, by the computing device, a type of the attachment to one or more lists of attachment types;
  
  if the type of the attachment is in the one or more lists, converting, by the computing device, the executable code from an executable format to a non-executable format, such that the executable code is rendered inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the attachment containing the non-executable format from the computing device to a target recipient of the message.
- View Dependent Claims (36)
- - 36. The method of claim 35, wherein the attachment includes an unapproved executable code.

37. A non-transitory computer readable storage medium having instructions stored thereon that, upon execution by a computing device, cause the computing device to perform operations comprising:
- receiving a message containing an attachment comprising an executable code;
  
  comparing a type of the attachment to one or more lists of attachment types;
  
  converting the executable code from an executable format to a non-executable format if the type of the attachment is in the one or more lists, such that the executable code is rendered inoperable, using an application-level process that retains semantic content of the message; and
  
  forwarding the attachment containing the non-executable format to a target recipient of the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Stewart, Walter Mason, Carrera, Marcelo, Hook, Robert G.
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US13/116,308
Publication Number

US 20110231669A1
Time in Patent Office

1,132 Days
Field of Search

None
US Class Current

713/152
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/567   using dedicated hardware

H04L 51/066   Format adaptation, e.g. for...

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

Computer virus protection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Computer virus protection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links