ELECTRONIC MESSAGE ANALYSIS FOR MALWARE DETECTION

申请公布号：: EP2700009(A1)
申请号：: EP20120774315
申请日期：: 2012.02.23
申请公布日期：: 2014.02.26
申请人：: FIREEYE, INC.
发明人：: AZIZ, ASHAR;UYENO, HENRY;MANNI, JAY;SUKHERA, AMIN;STANIFORD, STUART
分类号：: G06F21/56;H04L12/58
主分类号：: G06F21/56
摘要：: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.