Systems and methods for malware detection
Abstract
Various embodiments include a computer system comprising a computer network including at least one client computer, the at least one client computer operable to generate a request, and an anti-malware engine coupled to the computer system and operable to provide anti-malware protection for the computer network, wherein the anti-malware engine is operable to receive the request generated by the at least one client, and to determine if the request is classified as malware by determining whether the request includes one or more valid tags.
26 Claims
1. A computer system comprising:
- a processor configured to execute an anti-malware engine, the anti-malware engine operable to receive an outbound request from at least one client computer, the at least one client computer communicatively coupled to the anti-malware engine via a first computer network, the outbound request comprising a transmission of an outbound data message from the first computer network and directed toward a second computer network, the transmission occurring after a received inbound data message addressed to the at least one client computer has been processed by the anti-malware engine, the anti-malware engine further operable to provide anti-malware protection for the at least one client computer,
- wherein the anti-malware engine is further operable to determine if the outbound request is classified as malware by determining whether the outbound request includes one or more valid tags embedded within links inside the outbound data message associated with the outbound request, the one or more valid tags previously embedded within each of one or more links by the anti-malware engine via processing and modifying the received inbound message addressed to the at least one client computer on the first computer network, the processing and modifying performed prior to the inbound message reaching the at least one client computer, each of the one or more links comprising a uniform resource identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer system comprising:
- a processor configured to execute an anti-malware engine, the anti-malware engine configured to provide anti-malware protection for at least one client computer and operable to:
  - receive a request from at least one client computer communicatively coupled to the anti-malware engine via a first computer network;
  - forward the request from the at least one client computer to a second computer on a second computer network;
  - receive, in response to the forwarded request, received content at the anti-malware engine from the second computer network that is directed to the at least one client computer; and
  - determine if the received content is to be classified as malware, and if the received content is not determined to be classified as malware, to scan the received content for one or more links, and if the one or more links are found, to add at least one valid tag to at least one of the one or more links by altering the at least one link inside the received content before forwarding the received content on to the at least one client computer, each of the one or more links comprising a uniform resource identifier.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method comprising:
- receiving at an anti-malware engine an outbound request for outbound transmission of data from a protected computer network to a second computer network, the anti-malware engine executing on a processor communicatively coupled to the protected computer network and the second computer network, the request originating from a device connected to the anti-malware engine via the protected computer network;
- inspecting the received outbound request for the presence of one or more valid tags, the one or more valid tags comprising tags previously added to one or more links contained inside a prior inbound message addressed to a receiving computer on the protected computer network, the adding occurring prior to receipt of the inbound message at the receiving computer, the one or more links comprising a uniform resource identifier;
- classifying the received outbound request as malware or not malware based upon at least one valid tag being found in the received outbound request;
- removing the at least one valid tag from the outbound request classified as not malware; and
- forwarding the received outbound request, after removal of the at least one valid tag, toward the second computer network.
Dependent claims: 17, 18, 19, 20, 21
22. A non-transitory computer memory storing instructions that when executed by a processor cause the processor to:
- receive content directed toward a protected computer network;
- determine if the content comprises original content, or if the content comprises a response to a request previously forwarded from the protected computer network to a second network; and
- if the content comprises original content, processing the content using an anti-malware engine executing on the processor to determine if the content is to be classified as malware, and if the content is not to be classified as malware, scanning the content for links comprising a uniform resource identifier, and if at least one link is found, adding a valid tag to the at least one link found in the content by altering the at least one link inside the content before forwarding the content to the protected computer network, wherein the valid tag adds information to the at least one link to indicate that the at least one link has been previously processed as part of original content processing for inbound original content.
Dependent claims: 23, 24, 25, 26
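
The tag-on-inbound, check-and-strip-on-outbound flow of claims 16 and 22, as an added Python example that is not part of the patent. The claims do not say how a valid tag is constructed, so the HMAC-SHA256 tag, the `_amtag` parameter name, the key and the sample URLs are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit, urlunsplit

KEY = b"constructed-demo-key"   # assumption: secret held only by the gateway
PARAM = "_amtag"                # assumption: hypothetical tag parameter name
LINK_RE = re.compile(r"https?://[^\s\"'<>]+")


def _mac(url: str) -> str:
    """Truncated HMAC-SHA256 over the untagged, fragment-free URL."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()[:16]


def add_tag(url: str) -> str:
    """Inbound side: append the tag as the last query parameter."""
    parts = urlsplit(url)
    bare = urlunsplit(parts._replace(fragment=""))
    tag = f"{PARAM}={_mac(bare)}"
    query = f"{parts.query}&{tag}" if parts.query else tag
    return urlunsplit(parts._replace(query=query))


def tag_inbound(content: str) -> str:
    """Rewrite every link in content already judged not to be malware."""
    return LINK_RE.sub(lambda m: add_tag(m.group(0)), content)


def _split_tag(url: str):
    """Return (url without tag or fragment, tag or None)."""
    parts = urlsplit(url)._replace(fragment="")
    head, _, last = parts.query.rpartition("&")
    if last.startswith(PARAM + "="):
        return urlunsplit(parts._replace(query=head)), last[len(PARAM) + 1:]
    return urlunsplit(parts), None


def check_outbound(url: str):
    """Outbound side: classify, and strip the tag before forwarding."""
    bare, tag = _split_tag(url)
    if tag is not None and hmac.compare_digest(tag.encode(), _mac(bare).encode()):
        return "not malware", bare   # forward the original, untagged URL
    return "malware", url            # missing or invalid tag; handling is policy
```

Because the tag is a keyed MAC over the link itself, a tag copied onto a different URL or a guessed tag value fails the outbound check; an unkeyed marker would not give that property.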
Specification