Evaluating URLS for malicious content
US9356950B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 22, 2014 |
| Grant date | May 31, 2016 |
| Priority date | — |
| Expiry date | Aug 22, 2034 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/146
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Requests by a user system for a resource at a URL may be received by a firewall, a honey client module may access the URL and permit installation of malicious code or other malicious activities. In response to detecting malicious activities, the honey client module characterizes the malicious activity to generate a descriptor used to detect malicious code in other systems. The URL may also be blacklisted by the firewall.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.