Electronic Message Analysis for Malware Detection
Abstract
An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
28 Claims
1. A method for detecting malicious network content by a network content processing system, comprising:
- receiving an electronic message;
- determining that the electronic message includes content determined to be suspicious;
- executing the suspicious electronic message content in a virtual environment; and
- identifying the suspicious electronic message content as malicious based on execution of the suspicious electronic message content in the virtual environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer readable storage medium having stored thereon instructions executable by a processor for performing a method for detecting malicious network content, the method comprising:
- receiving an electronic message;
- determining that the electronic message includes content determined to be suspicious;
- executing the suspicious electronic message content in a virtual environment; and
- identifying the suspicious electronic message content as malicious based on execution of the suspicious electronic message content in the virtual environment.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28
Specification