Malware detection system based on stored data
First Claim
1. A malware detection system based on stored data, comprising:
- a messaging system database comprising at least one or more computing devices for storing
  - an archive of electronic messages, wherein said archive of electronic messages comprises electronic messages previously sent, received or drafted,
  - a contacts list, and
  - summary data derived from said archive of electronic messages and said contacts list, wherein said summary data consolidates information from said message archive of electronic messages and said contacts list; and
- a message filter comprising a computer coupled to said messaging system database, and configured to
  - receive an electronic message comprising one or more message parts, said one or more message parts comprising
    - a sender information,
    - one or more receivers information,
    - a message contents,
    - a subject line,
    - one or more attachments,
    - one or more links to websites,
    - a message thread;
  - determine whether said electronic message represents a potential threat, based on an analysis of
    - said one or more message parts, and
    - said messaging system database;
  - classify said electronic message as a potential threat when a length of time said sender has been in said contacts list is below a threshold value and
  - classify said electronic message as a potential threat when
    - said electronic message asks said user to perform an action; and
    - no previous message in said archive of electronic messages from the same sender as said electronic message requests said user to perform said action;
  - wherein when said electronic message represents a potential threat, perform one or more of
    - block access to said electronic message or to one or more of said message parts; and
    - transform said electronic message to provide a warning to a user who attempts to access said electronic message or attempts to access one or more of said one or more message parts, wherein said transform said electronic message to provide said warning comprises one or more of
      - insert text or graphics warning about a potential threat into the subject line of said electronic message and into the message contents of said electronic message, and,
      - transform a link to a website from said electronic message to a protected link, wherein clicking said protected link
        - shows a website warning to said user before connecting to said website, or
        - calculates a website maturity score, and if said website maturity score is below a threshold, displays a warning message to said user before connecting to said website, or
        - shows said website warning and calculates said website maturity score.
Abstract
A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.
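The checks named in the abstract and in claim 1 (unknown or lookalike sender, recently added contact, first-time action request) can be sketched as follows. This is an added example, not the patent's implementation; the keyword-to-action map, the 30-day contact age threshold, the 0.9 similarity cutoff and the sample data are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher

# Assumed keyword-to-action map; the claim does not say how actions are recognised.
ACTIONS = {"wire": "payment", "transfer": "payment", "invoice": "payment",
           "password": "credentials", "login": "credentials"}

@dataclass
class Message:
    sender: str
    subject: str
    body: str
    received: datetime

def requested_actions(msg):
    """Action categories the message text asks the user to perform."""
    words = {w.strip(".,!?:") for w in f"{msg.subject} {msg.body}".lower().split()}
    return {ACTIONS[w] for w in ACTIONS.keys() & words}

def lookalike(sender, contacts, cutoff=0.9):
    """A known address that is similar to, but not identical to, the sender."""
    for known in contacts:
        if known != sender and SequenceMatcher(None, known, sender).ratio() >= cutoff:
            return known
    return None

def classify(msg, contacts, archive, min_age=timedelta(days=30)):
    """contacts maps address -> date added; archive is a list of earlier Messages."""
    reasons = []
    added = contacts.get(msg.sender)
    if added is None:
        near = lookalike(msg.sender, contacts)
        reasons.append(f"sender resembles {near}" if near else "unknown sender")
    elif msg.received - added < min_age:
        reasons.append("sender added to contacts recently")
    seen = set()
    for old in archive:  # actions this sender has requested before
        if old.sender == msg.sender:
            seen |= requested_actions(old)
    for action in sorted(requested_actions(msg) - seen):
        reasons.append(f"first {action} request from this sender")
    return reasons

# Constructed sample data (not from the patent).
NOW = datetime(2024, 5, 1)
CONTACTS = {"alice@example.com": datetime(2021, 1, 1), "bob@example.org": datetime(2024, 4, 25)}
ARCHIVE = [Message("alice@example.com", "Q1 invoice", "Invoice attached.", datetime(2024, 2, 1))]
```

An empty list from `classify` means no rule fired; a non-empty list holds the reasons a filter could place in the warning text.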
64 Citations
25 Claims
Specification