Method and apparatus for detecting zombie-generated spam
US8775521B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 30, 2006 |
| Grant date | Jul 8, 2014 |
| Priority date | — |
| Expiry date | Nov 1, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/144
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Disclosed is a method and system for detecting a zombie attack in a network having a plurality of computers. The method and system include a network analysis module for determining, for each computer, a working set of email addresses associated with emails sent by each computer. A zombie attack is detected by determining at least one of: 1) at least one computer in the plurality is transmitting more than a threshold rate of emails, 2) that at least one of the computers is transmitting more than a first threshold number of emails to email addresses outside of its associated working set, 3) that a first threshold number of computers in the plurality are transmitting email messages to email addresses outside of their associated working set, and 4) that more than a second threshold number of computers are transmitting more than a second threshold number of emails to a recipient computer.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.