Electronic message analysis for malware detection
Abstract
An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
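An added sketch of the flow the abstract describes (not code from the patent or its assignee): URLs are collected from every decoded text part of a message, attachments included, triaged, and only the suspicious ones go to a replay step whose malicious verdicts update the blacklist. The triage rule, the `detonate` callback standing in for the virtual environment, and the sample hosts are all assumptions.

```python
import ipaddress
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
RISKY_EXT = (".exe", ".scr", ".hta")  # assumption: the page does not define "suspicious"

def build_sample() -> bytes:  # constructed sample message, not real traffic
    msg = EmailMessage()
    msg.set_content("See http://198.51.100.7/login now.")
    msg.add_alternative('<a href="https://pay.example.test/a?b=1">pay</a>', subtype="html")
    msg.add_attachment("Mirror: https://files.example.test/doc.exe\n", cte="base64")
    return msg.as_bytes()

def extract_urls(raw: bytes) -> list:
    """Walk every text MIME part (bodies and attachments), decoded, and collect URLs."""
    found = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_maintype() == "text":
            for match in URL_RE.findall(part.get_content()):
                url = match.rstrip(".,;")  # drop sentence punctuation
                if url not in found:
                    found.append(url)
    return found

def is_suspicious(url: str) -> bool:
    parts = urlsplit(url)
    try:
        ipaddress.ip_address(parts.hostname or "")
        return True  # assumed rule 1: raw IP address instead of a host name
    except ValueError:
        return parts.path.lower().endswith(RISKY_EXT)  # assumed rule 2

def process_message(raw: bytes, blacklist: set, detonate) -> dict:
    """detonate(url) -> bool stands in for the virtual-environment replay verdict."""
    verdicts = {}
    for url in extract_urls(raw):
        if url in blacklist:
            verdicts[url] = "blocked"
        elif not is_suspicious(url):
            verdicts[url] = "not suspicious"
        elif detonate(url):
            blacklist.add(url)  # malicious verdicts feed the shared blacklist
            verdicts[url] = "malicious"
        else:
            verdicts[url] = "clean"
    return verdicts
```

Scanning the raw bytes with the regex instead of the decoded parts would miss the attachment URL, because it only exists in base64 form on the wire.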
51 Claims
1. A computer implemented method for detecting malicious network content by a network content processing system, comprising:
- receiving an electronic email message;
- analyzing the electronic email message to detect a uniform resource locator (URL) address within message content of the electronic email message;
- determining whether the detected URL address within the message content is suspicious;
- in response to a determination that the detected URL address is suspicious, executing, with a computer processing system, the suspicious URL address detected within the message content of the electronic email message, wherein executing the suspicious URL address comprises executing, within a virtual environment, web content received in response to a request for the web content; and
- identifying the suspicious URL address detected within the electronic email message content as malicious based on results of the executing of the suspicious URL address detected within the electronic email message content in the virtual environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A non-transitory computer readable storage medium implemented within a computing device and having stored thereon instructions that, when executed by a processor, performs operations for detecting malicious network content, comprising:
- receiving an electronic email message;
- analyzing the electronic email message to detect a uniform resource locator (URL) address within message content of the electronic email message;
- determining whether the detected URL address within the message content is suspicious;
- in response to a determination that the detected URL address is suspicious, executing the suspicious URL address detected within the message content of the electronic email message, wherein executing the suspicious URL address comprises executing, within a virtual environment, web content received in response to a request for the web content; and
- identifying the suspicious URL address detected within the electronic email message content as malicious based on results of the executing of the suspicious URL address detected within the electronic email message content in the virtual environment.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37
38. A system for detecting malicious network content, comprising:
- a memory; and
- a processor coupled with the memory and configured to receive an electronic email message;
- an electronic message malware detector comprising the processor and configured to analyze the electronic email message to detect a uniform resource locator (URL) address within message content of the electronic email message, and determine whether the detected URL address within the message content is suspicious;
- a web malware detector coupled with the electronic message malware detector and configured to in response to a determination that the detected URL address is suspicious, execute the suspicious URL address detected within the message content of the electronic email message, wherein executing the suspicious URL address comprises executing, within a virtual environment, web content received in response to a request for the web content, and identifying the suspicious URL address detected within the electronic email message content as malicious based on results of the executing of the suspicious URL address detected within the electronic email message content in the virtual environment.

Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
Specification