Protection from malicious web content

US 8,769,690 B2
Filed: 07/09/2010
Issued: 07/01/2014
Est. Priority Date: 03/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing content for malicious components, the method comprising:

monitoring, at a sender device, a submission of electronic instructions to access content, wherein the monitoring comprises identifying content based at least in part on the instructions, the submission being performed by a first user and being directed to a host-server, and the instructions being directed to a second user;

scanning, using a data processing device at the host server, the content identified from the monitoring step for one or more malicious components to obtain a scan result prior to the second user receiving the instructions; and

presenting an indicator associated with the content, wherein the indicator is based on the scan result.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Instructions allowing their recipient to access content via a computer network are intercepted at a destination device sending the instructions via a host-server. Content of an instruction is analyzed at the destination device for malicious components, and results of the analysis are associated with the content prior to being presented to viewers of the content.

Citations

31 Claims

1. A method for analyzing content for malicious components, the method comprising:
- monitoring, at a sender device, a submission of electronic instructions to access content, wherein the monitoring comprises identifying content based at least in part on the instructions, the submission being performed by a first user and being directed to a host-server, and the instructions being directed to a second user;
  
  scanning, using a data processing device at the host server, the content identified from the monitoring step for one or more malicious components to obtain a scan result prior to the second user receiving the instructions; and
  
  presenting an indicator associated with the content, wherein the indicator is based on the scan result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the sender device sends the electronic instructions and the steps of monitoring and presenting are performed by the sender device.
  - 3. The method of claim 1, wherein the electronic instructions comprise an instruction to visit a destination link.
  - 4. The method of claim 1, wherein the electronic instructions comprise an instruction to view a multimedia file.
  - 5. The method of claim 1, wherein the electronic instructions comprise the content.
  - 6. The method of claim 1, wherein the electronic instructions comprise a destination node, and wherein the destination node is selected from a group comprising a content server, a bulletin board service, a publicly accessible electronic content source, a repository, and a database.
  - 7. The method of claim 1, wherein the instructions are posted at the host-server, and the host-server is selected from a group consisting of a content server, a bulletin board service, and a publicly accessible electronic content source.
  - 8. The method of claim 7, wherein the electronic instructions to access content comprises a destination node and wherein the destination node is the host-server.
  - 9. The method of claim 7, wherein the sender device sends the electronic instructions and the step of presenting is performed by the host-server.
  - 10. The method of claim 1, wherein the content comprises at least one of text data, audio data, image data, user-generated content, video data, and a link to content.
  - 11. The method of claim 1, wherein the presenting step comprises displaying the content and the associated indicator in a webpage.

12. A method for analyzing content for malicious components, the method comprising:
- monitoring, at a sender device, a submission of electronic instructions to access content, the submission being performed by a first user and being directed to a host-server designating a site to the first user, wherein the monitoring comprises identifying content based at least in part on the instructions, and wherein the instructions are directed to a second user and comprise a destination link to content at a destination node;
  
  replacing, at the sender device, the destination link identified during the monitoring step with an alternate link;
  
  presenting, by the host-server, the alternate link;
  
  in response to a request by the second user to access content associated with the alternate link, scanning, using a data processing device, content at the destination link associated with the alternate link for one or more malicious components to obtain a scan result; and
  
  directing the second user to the content at the destination link in response to the scan result.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein the scanning and directing steps are performed by the host-server.
  - 14. The method of claim 12, wherein the host-server is selected from a group consisting of a content server, a bulletin board service, and a publicly accessible electronic content source.
  - 15. The method of claim 12, wherein the electronic instructions comprise an instruction to visit a webpage.
  - 16. The method of claim 12, wherein the electronic instructions comprise an instruction to view a multimedia file.
  - 17. The method of claim 12, wherein the electronic instructions comprise additional content, the method further comprising scanning the additional content.
  - 18. The method of claim 12, wherein the destination node is selected from a group consisting of a content server, a bulletin board service, a publicly accessible electronic content source, a repository, a database, and the host-server, the instructions being posted at the host-server.
  - 19. The method of claim 12, wherein the content comprises at least one of text data, audio data, image data, video data, instructions to a computer, and a link to content.
  - 20. The method of claim 12, wherein the presenting step comprises displaying the alternate link in a webpage.

21. A system for analyzing content for malicious components, the system comprising:
- a sender device configured to facilitate electronic communications, via a host-server, among a first user who is associated with the sender device and a second user, the sender device further comprising;
  
  a monitor for monitoring electronic instructions to access content instructions to access content, the instructions being directed to the second user, wherein the monitor is configured to identify content associated with the submission;
  
  a presenter for presenting an indicator associated with the content wherein the indicator is based on the scan result, and wherein the presenter replaces a destination link to the content with an alternate link;
  
  the system further comprising;
  
  a scanner, at the host server, to scan the content identified by the monitor for one or more malicious components to obtain a scan result before the second user receives the instructions.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The system of claim 21, wherein the content is stored at a content source destination node.
  - 23. The system of claim 22, wherein the content source comprises a publically accessible electronic content source.
  - 24. The system of claim 21, wherein the scanner comprises a computer-virus scanner.
  - 25. The system of claim 21, wherein the scanner comprises a malware scanner.

26. A system for analyzing content for malicious components, the system comprising:
- a sender device for submitting electronic instructions to access content to a host-server designating a site to a first user associated with the sender device, the instructions being directed to a second user, the sender device comprising;
  
  a monitor for monitoring submissions of electronic instructions to access content, wherein the monitoring comprises identifying content based at least in part on the instructions, and wherein the instructions comprise a destination link to the content at a destination node; and
  
  a presenter for presenting an alternate link associated with the destination link identified by the monitor; and
  
  a host-server designating a site to the first user, the host-server comprising;
  
  a first scanner to scan content at the destination node for one or more malicious components to obtain a scan result, in response to the second user requesting access to content associated with the alternate link; and
  
  a director to direct the second user to the content at the destination node in response to the scan result.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The system of claim 26, wherein the destination node comprises a content source.
  - 28. The system of claim 27, wherein the content source comprises a publically accessible electronic content source.
  - 29. The system of claim 26, wherein the scanner comprises a computer-virus scanner.
  - 30. The system of claim 26, wherein the scanner comprises a malware scanner.
  - 31. The system of claim 26, wherein the sending device further comprises:
    - a second scanner to scan content at the destination node for one or more malicious components to obtain a second scan result, andthe presenter is configured for presenting an indicator associated with the alternate link, wherein the indicator is based on the second scan result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avast Software SRO (Gen Digital Inc.)
Original Assignee
AVG Netherlands B.V. (Gen Digital Inc.)
Inventors
Ben-Itzhak, Yuval, Mosher, Gregory Andrew
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
PARSONS, THEODORE C

Application Number

US12/833,425
Publication Number

US 20110030058A1
Time in Patent Office

1,453 Days
Field of Search

726 22- 25, 709/224
US Class Current

726/24
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

Protection from malicious web content

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Protection from malicious web content

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links