Prospective client identification using malware attack detection
Abstract
Systems and methods for prospective client identification using malware attack detection are provided. A malware device is identified. The entity with the responsibility for the malware device or a potentially compromised device in communication with the malware device is determined. A message is communicated to the entity based on the determination. In various embodiments, the message comprises an offer for security related products and/or services.
Claims
37 claims; 586 citations
1. A method comprising:
receiving network traffic;
detecting a malware attack based on analysis of the network traffic;
identifying, by a hardware controller based on address information within the network traffic, a malware device being a digital device that provided the network traffic associated with the malware attack;
identifying, by the hardware controller, a device in communication with the malware device;
determining, by the hardware controller, at least one of a first entity having responsibility for the malware device or a second entity having responsibility for the device in communication with the malware device, each of the first entity and the second entity being a business or person; and
communicating a first message to the first entity having the responsibility for the malware device and a second message to the second entity having responsibility for the device in communication with the malware device without affecting performance of at least one of the malware device or the device, wherein the first message to the first entity comprises a first type of content including at least one of (i) a notification of a possible infection of malware associated with the malware attack, or (ii) an offer of services to eliminate the malware and wherein the second message to the second entity includes a second type of content that comprises an offer for security related products or services that is directed to at least one of (i) stopping an on-going malware attack or (ii) removing the malware from the device in communication with the malware device.
Dependent claims: 2, 3, 4, 5, 6, 7, 27, 28, 29, 34

8. A method comprising:
monitoring network data between a plurality of digital devices within a communication network;
storing communication data associated with the network data in a memory;
identifying a malware device within the plurality of digital devices based on the communication data, the malware device being a digital device that provided the network data that includes malware;
determining a first entity having responsibility for the malware device;
reviewing the stored communication data to identify a device within the plurality of digital devices that has communicated with the malware device;
determining a second entity having responsibility for the device that has communicated with the malware device, the entity determined to have responsibility being a business or person; and
communicating a first message to the first entity having responsibility for the malware device and a second message to the second entity having the responsibility for the device that has communicated with the malware device without affecting performance of at least one of the malware device or the device, wherein the first message to the first entity comprises a first type of content including at least one of (i) a notification of a possible infection of the malware device by the malware and being associated with a malware attack, or (ii) an offer of services to eliminate the malware and wherein the second message to the second entity includes a second type of content that comprises an offer for security related products or services that is directed to at least one of (i) stopping an on-going malware attack or (ii) removing the malware from the device in communication with the malware device.
Dependent claims: 9, 10, 11, 12, 13, 30, 31, 35

14. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor for performing a method comprising:
detecting a malware attack based on analysis of monitored network traffic;
identifying a malware device, the malware device being a digital device that provided the monitored network data including malware;
determining, based on the monitored network data, at least one of a first entity having responsibility for the malware device or a second entity having responsibility for a device in communication with the malware device, each of the first entity and the second entity determined to be a business or person; and
communicating a first message to the first entity having the responsibility for the malware device and a second message to the second entity having responsibility for the device in communication with the malware device without affecting performance of at least one of the malware device or the device, wherein the first message to the first entity comprises a first type of content including at least one of (i) a notification of a possible infection of malware associated with the malware attack, or (ii) an offer of services to eliminate the malware and wherein the message to the second entity includes a second type of content that comprises an offer for security related products or services that is directed to at least one of (i) stopping an on-going malware attack or (ii) removing the malware from the device in communication with the malware device.
Dependent claims: 15, 16, 17, 18, 19, 25, 32, 33

20. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor for performing a method comprising:
monitoring network data between a plurality of digital devices within a communication network;
storing communication data associated with the network data in a memory;
identifying a malware device within the plurality of digital devices based on the communication data, the malware device being a digital device that provided the network data associated with a malware attack;
determining a first entity having responsibility for the malware device;
reviewing the stored communication data to identify a device within the plurality of digital devices that has communicated with the malware device;
determining a second entity having responsibility for the device that has communicated with the malware device, the entity determined to have responsibility being a business or person; and
communicating a first message to the first entity having responsibility for the malware device and a second message to the second entity having the responsibility for the device that has communicated with the malware device without affecting performance of at least one of the malware device or the device, wherein the first message to the first entity comprises a first type of content including at least one of (i) a notification of a possible infection of malware associated with the malware attack, or (ii) an offer of services to eliminate the malware and wherein the message to the second entity includes a second type of content that comprises an offer for security related products or services that is directed to at least one of (i) stopping an on-going malware attack or (ii) removing the malware from the device in communication with the malware device.
Dependent claims: 21, 22, 23, 24

26. A system comprising:
a processor configured to
receive a copy of network data,
analyze the copy of the network data with a heuristic to determine if the network data is suspicious,
flag the network data as suspicious based on the heuristic determination,
simulate transmission of the network data to a destination device to identify a malware device being a digital device that provided the suspicious network data,
determine a first entity having responsibility for the malware device,
identify a device in communication with the malware device,
determine a second entity having responsibility for the device in communication with the malware device based on address information within the network data,
communicate a first message to the first entity including a first type of content including at least one of (i) a notification of a possible infection of malware associated with the malware attack, or (ii) an offer of services to eliminate the malware, and
communicate a second message to the second entity including a second type of content including at least one of an offer for security related products or services that is directed to at least one of (i) stopping an on-going malware attack by the malware device or (ii) removing the malware from the device based on communications with the malware device.
Dependent claims: 36, 37
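The procedure the independent claims share (monitor traffic, flag the transfer that carries malware, take its source address as the malware device, review the stored communication data for devices that talked to it, map each address to the business or person responsible for it, and generate the two message types from stored data without touching the live flows) as an added Python example. This is not code from the patent or from its assignee. The flow records, the netblock-to-owner table, the content-type/PE-header heuristic, the 600-second pivot window and every address and entity name are constructed for illustration; the "simulated transmission" of claim 26 (detonating the flagged data against a stand-in destination) is not implemented, and the heuristic alone stands in for the detection step.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One stored communication record, as a passive tap would keep it."""
    ts: int            # observation time, seconds
    src: str           # address that provided the data
    dst: str           # address that received it
    dst_port: int
    content_type: str  # Content-Type declared on the wire
    head: bytes        # first bytes of the transferred payload


# Constructed sample flows (not taken from the patent). The second record is a
# PE file served with an image Content-Type; the last record is outside the window.
FLOWS = [
    Flow(1000, "198.51.100.7", "192.0.2.10", 80, "image/png", b"\x89PNG\r\n\x1a\n"),
    Flow(1005, "198.51.100.7", "192.0.2.11", 80, "image/gif", b"MZ\x90\x00\x03\x00"),
    Flow(1010, "192.0.2.11", "198.51.100.7", 443, "application/octet-stream", b"\x16\x03\x01"),
    Flow(1020, "192.0.2.12", "198.51.100.7", 80, "text/html", b"<html>"),
    Flow(1030, "192.0.2.10", "203.0.113.5", 443, "application/octet-stream", b"\x16\x03\x01"),
    Flow(4000, "192.0.2.13", "198.51.100.7", 80, "text/html", b"<html>"),
]

# Constructed netblock -> responsible business or person. Stands in for a
# WHOIS / asset-inventory lookup; the most specific prefix wins.
RESPONSIBILITY = {
    "198.51.100.0/24": "Example Hosting Ltd",
    "192.0.2.0/24": "Acme Corp IT",
    "192.0.2.12/32": "J. Doe (home office)",
    "203.0.113.0/24": "Partner Bank",
}


def is_suspicious(flow):
    """Heuristic stand-in: a transfer declared as an image whose payload starts
    with a PE header ('MZ'). Sandbox detonation (claim 26) is not implemented."""
    return flow.content_type.startswith("image/") and flow.head.startswith(b"MZ")


def find_malware_devices(flows):
    """The malware device is the device that *provided* the flagged data,
    i.e. the source address of the suspicious record."""
    return {f.src for f in flows if is_suspicious(f)}


def peers_of(flows, device, since, until):
    """Review stored communication data for every device that exchanged
    traffic with `device`, in either direction, inside [since, until]."""
    peers = set()
    for f in flows:
        if not since <= f.ts <= until:
            continue
        if f.src == device:
            peers.add(f.dst)
        elif f.dst == device:
            peers.add(f.src)
    return peers


def responsible_entity(ip, table=RESPONSIBILITY):
    """Longest-prefix match of an address to the entity responsible for it;
    None when no prefix in the table covers the address."""
    addr = ipaddress.ip_address(ip)
    best_net, best_owner = None, None
    for cidr, owner in table.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_owner = net, owner
    return best_owner


def build_messages(flows, window=600, table=RESPONSIBILITY):
    """Return {(entity, kind): [addresses]}: kind 'notification' is the first
    type of content (to the malware device's owner), kind 'offer' the second
    (to owners of devices that communicated with it). Only stored records are
    read, so no live flow is blocked or altered."""
    messages = {}
    for f in flows:
        if not is_suspicious(f):
            continue
        owner = responsible_entity(f.src, table)
        if owner is not None:
            messages.setdefault((owner, "notification"), set()).add(f.src)
        for peer in peers_of(flows, f.src, f.ts - window, f.ts + window):
            peer_owner = responsible_entity(peer, table)
            if peer_owner is not None:
                messages.setdefault((peer_owner, "offer"), set()).add(peer)
    return {key: sorted(addrs) for key, addrs in messages.items()}


def render(messages):
    """Turn the keyed result into the two message texts the claims describe."""
    lines = []
    for (entity, kind), addrs in sorted(messages.items()):
        hosts = ", ".join(addrs)
        if kind == "notification":
            lines.append(f"To {entity}: possible malware infection on {hosts}; "
                         "remediation services are available.")
        else:
            lines.append(f"To {entity}: {hosts} communicated with a device serving "
                         "malware; products or services to stop the attack or remove "
                         "the malware are offered.")
    return lines


if __name__ == "__main__":
    print("\n".join(render(build_messages(FLOWS))))
```

Two caveats a practitioner would add before sending anything. The claims key the "malware device" on the source address in the traffic, and that address can be spoofed, or belong to a NAT gateway or CDN node in front of many tenants, so the longest-prefix lookup should be treated as a lead, not an attribution; and the device serving the malware is often itself a compromised victim, which is why the first message type is a notification of possible infection rather than an accusation. The pivot window and the set of flagged peers also grow quickly on a busy network, so in practice the peer list is filtered to devices that actually fetched the flagged payload before an offer is generated.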