Instant messaging malware protection
First Claim
1. A method of preventing transmission of malware-created instant messages comprising:
- detecting that an active instant messaging (IM) window, specifically for entering text, has been opened on a computing device;
detecting a first text being typed into the active IM window by a human being using a keyboard;
copying the first text or a first timestamp associated with said first text into a data storage area on said computing device, said data storage area including a stored text or a stored timestamp of all instant messages typed into an active IM window on said computing device;
intercepting an IM packet before the IM packet is transmitted from the computing device onto a network;
parsing the IM packet to obtain a second text or a second timestamp;
determining whether the second text or the second timestamp matches respectively with a text or a timestamp stored in the data storage area; and
blocking transmission of the IM packet from said computing device when the second text is determined not to match or when the second timestamp is determined not to match.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device capable of instant messaging (IM) contains IM anti-malware software for preventing the transmission of malware-created IMs and opening potentially harmful IMs that it receives. When transmitting an IM, the software checks to ensure that the message being sent was created by the user (a human being) and not by IM malware, such as an IM BOT. This is done by copying details of a message as it is being typed by a user into a database and searching for that data before an IM is transmitted from the device. The software also ensures that when it receives an IM from an outside source, that the message contains a special encrypted signal that was inserted into the message by the source when the source has determined that the message was created by a human being. If the special signal is not found, it is presumed that the message was created by malware and may be discarded. Ensuring that an IM message is created by a human being is by leveraging a feature in IM client software that provides the name of the person typing the message as the message is being created.
-
Citations
19 Claims
-
1. A method of preventing transmission of malware-created instant messages comprising:
-
detecting that an active instant messaging (IM) window, specifically for entering text, has been opened on a computing device; detecting a first text being typed into the active IM window by a human being using a keyboard; copying the first text or a first timestamp associated with said first text into a data storage area on said computing device, said data storage area including a stored text or a stored timestamp of all instant messages typed into an active IM window on said computing device; intercepting an IM packet before the IM packet is transmitted from the computing device onto a network; parsing the IM packet to obtain a second text or a second timestamp; determining whether the second text or the second timestamp matches respectively with a text or a timestamp stored in the data storage area; and blocking transmission of the IM packet from said computing device when the second text is determined not to match or when the second timestamp is determined not to match. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of preventing a message of instant messaging (IM) from infecting a computing device, the method comprising:
-
receiving the message at the computing device from a transmitting device; determining whether the message includes non-secret text indicating that the transmitting device includes an IM anti-malware software; determining whether the message includes an embedded encrypted secret code wherein the encrypted secret code is generated at the transmitting device by an encryption software of the IM anti-malware software; preventing the message from being opened on the computing device when the transmitting device is determined to include the IM anti-malware software and when the encrypted secret code is determined to be not found in the message, wherein the encrypted secret code is embedded into the message at the transmitting device if the transmitting device determines that a human being created the message, such that the encrypted secret code is transmitted, in the message, from the IM anti-malware software in the transmitting device to the computing device. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A method of preventing a message of instant messaging (IM) from infecting a computing device, the method comprising:
-
inserting a non-secret text in the message indicating a presence of an IM anti-malware software on a transmitting device; determining whether a human being created the message on the transmitting device; embedding an encrypted secret code in the message when it is determined that the human being created the message, wherein the encrypted secret code is generated by an encryption software of the IM anti-malware software; and transmitting the message from the transmitting device to the computing device, wherein the computing device can determine that the message was not created by the human being when the non-secret text is found in the message and the encrypted secret code is not found in the message. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method of preventing transmission of malware-created instant messages comprising:
-
detecting that an active instant messaging (IM) window, specifically for entering text, has been opened on a computing device; detecting a first text being typed into the active IM window by a human being using a keyboard; copying the first text or a first timestamp associated with said first text into a data storage area on said computing device, said data storage area including a stored text or a stored timestamp of all instant messages typed into an active IM window on said computing device; intercepting an IM packet before the IM packet is transmitted from the computing device onto a network; parsing the IM packet to obtain a second text or a second timestamp; determining whether the second text or the second timestamp matches respectively with the first text or the first timestamp stored in the data storage area; and allowing transmission of the IM packet from the computing device when the second text and the first text are determined to match or when the second timestamp and the first timestamp are determined to match. - View Dependent Claims (18, 19)
-
Specification