Method and system for detecting malware containing E-mails based on inconsistencies in public sector “From” addresses and a sending IP address
US8595830B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 27, 2010 |
| Grant date | Nov 26, 2013 |
| Priority date | — |
| Expiry date | Feb 8, 2032 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L51/48
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and apparatus for detecting malware-containing e-mails based on inconsistencies between a governmental agency “From” address and a sending IP address. An incoming e-mail is analyzed to determine whether it includes a “From” address having a domain suffix that is normally associated with a governmental agency, such as .gov, .gov.uk, .go.jp, or any similar governmental domain suffix. The connecting IP address or IP addresses within the received headers associated with the incoming e-mail are then analyzed to determine the geographical locations through which the incoming e-mail passed. If the geographical locations associated with these sending IP addresses are not consistent with the country indicated by the domain suffix in the governmental “From” address, protective action is taken.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.