Patent · US Active

Determination of participation in a malicious software campaign

US7899870B2 · kind B2 · utility

Cited by: 2
References: 10
Claims: 17
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 25, 2007
Grant date: Mar 1, 2011
Priority date
Expiry date: Apr 9, 2028

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/144
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Sources of spam, such as botnets, are detected by analyzing message traffic for behavioral patterns and indications of suspicious content. The content of a known malicious source is analyzed. Message traffic associated with the known malicious source is analyzed. Associated message traffic includes messages sent directly from the known malicious source to recipients, and messages sent from the recipients to subsequent direct and indirect recipients. Portions of the content of the known malicious source are selected and content of associated message traffic is analyzed for an indication of the selected content. If the selected content is found in the content of a message, the source of the message is determined to be a source of spam. Associated message traffic is additionally analyzed for behavioral patterns, such as anomalies and/or flurries of activity, to determine a potential malicious source.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.