Malware detection system based on stored data

Assignee

• Mimecast North America, Inc. · US

Inventors

• Jackie Anne Maylor · Patney, GB
• Simon Paul Tyler · Patney, GB
• Peter Bauer · Boise, US
• Gilly Benamram · London, GB
• Paul Sowden · London, GB
• Steven Malone · Grafton, GB
• Wayne Van Ry · London, GB
• Francisco Ribeiro · London, GB

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.