Electronic messages, such as electronic mail messages (or e-mails), instant messages, faxes and so on, are the method of choice for exchanging information with one another. As the use of electronic messages has become very popular, it is not surprising that electronic messages, such as e-mails, are frequently used for malware proliferation. In this context the term “malware” or “malicious software” refers to any software or software portions used to disrupt computer operations, gather sensitive information, or gain access to private or corporate computer systems. Malware embedded in or attached to electronic messages and distributed via electronic messages can include, among others, viruses, worms, trojan horses, ransomware, scareware, adware and/or other malicious programs.
In order to impede malware proliferation across a communications network, numerous anti-malware solutions following different protection or combat strategies are on the market. For instance, there are anti-malware solutions available which are designed to provide real-time protection against installation of malicious software on a computer device by scanning all incoming network data for malware and by immediately blocking any detected threats. There are also anti-malware solutions available which are designed to detect and remove malicious software that has already been installed on a computer device.
Moreover, in order to efficiently impede malware proliferation in communications networks, appropriate anti-malware solutions are provided for remote messaging servers of the communications networks which are designed to route messages originating from one or more message sending devices to one or more message receiving devices. Such anti-malware solutions are usually realized in the form of software and hardware modules implemented in the messaging servers which are designed to perform an anti-malware check for each message. That is, the messaging servers scan the messages for malware and only clean messages (i.e., non-malicious messages) are routed to the message receiving devices, whereas malicious messages are filtered out by the messaging servers, even before the malicious message can reach a receiving device.
Such anti-malware solutions usually work on the basis of a comparison of the message content with known virus signatures. A virus signature is an algorithm or a static hash (i.e., a numerical value of a portion of code unique to the virus) that can be used as a fingerprint for a specific virus. Such an anti-malware detection technique is very efficient, but has the shortcoming that only viruses already known by the anti-malware software can be efficiently filtered out. Even if the known virus signatures of the anti-malware module are regularly updated, there is some risk that newest-generation malware (so-called “zero-day malware”) may remain undetected. Hence, the known anti-malware detection for communications systems or communications networks has the risk that newest-generation malware remains undetected for a longer period of time. Accordingly, malicious messages which are erroneously considered to be clean may be routed to message receiving devices rather than filtered out.
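The following is an added example, not part of the original text: a minimal static-hash signature check as a messaging server might apply it to each message, showing that a payload differing by one byte from a known sample no longer matches. The helper names, the constructed placeholder payload, the addresses and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Constructed, harmless placeholder standing in for an already known sample.
KNOWN_SAMPLE = b"CONSTRUCTED-HARMLESS-PLACEHOLDER-FOR-A-KNOWN-SAMPLE"
# Signature database: static hashes of known samples (assumed SHA-256).
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def build_message(payload: bytes) -> bytes:
    """Build a constructed e-mail carrying one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


def scan_message(raw: bytes, signatures: set) -> list:
    """Return the names of message parts whose hash is a known signature."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue  # containers have no content of their own
        # decode=True undoes the base64 transfer encoding before hashing
        body = part.get_payload(decode=True) or b""
        if hashlib.sha256(body).hexdigest() in signatures:
            hits.append(part.get_filename() or "<body>")
    return hits


def route(raw: bytes, signatures: set) -> str:
    """Server decision: filter on any signature hit, otherwise deliver."""
    return "filtered" if scan_message(raw, signatures) else "delivered"


if __name__ == "__main__":
    known = build_message(KNOWN_SAMPLE)
    # Same content plus one byte: an "unknown" variant for the hash database.
    variant = build_message(KNOWN_SAMPLE + b"\x00")
    print("known sample  :", route(known, SIGNATURES))
    print("1-byte variant:", route(variant, SIGNATURES))
```
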
Accordingly, there is a need for an efficient malware detection technique in communications networks which overcomes the above-mentioned technical disadvantages.