Granted invention patent
US08595830B1 Method and system for detecting malware containing E-mails based on inconsistencies in public sector “From” addresses and a sending IP address
In force
- Patent title: Method and system for detecting malware containing E-mails based on inconsistencies in public sector “From” addresses and a sending IP address
- Application number: US12844738
- Filing date: 2010-07-27
- Publication number: US08595830B1
- Publication date: 2013-11-26
- Inventor: Martin Lee
- Applicant: Martin Lee
- Applicant address: US CA Mountain View
- Assignee: Symantec Corporation
- Current assignee: Symantec Corporation
- Current assignee address: US CA Mountain View
- Agency: McKay and Hodgson, LLP
- Agent: Serge J. Hodgson; Sean P. Lewis
- Main classification: H04L29/06
- IPC classification: H04L29/06
Abstract:
A method and apparatus for detecting malware containing e-mails based on inconsistencies between a governmental agency “From” address and a sending IP address whereby an incoming e-mail is analyzed to determine if the incoming e-mail includes a “From” address having a domain suffix that is normally associated with a governmental agency, such as a .gov, .gov.uk, .go.jp, or any similar governmental domain suffix. The connecting IP address or IP addresses within the received headers associated with the incoming e-mail are then analyzed to determine the geographical locations through which the incoming e-mail passed. If the geographical locations associated with these sending IP addresses of the incoming e-mail are not consistent with the country indicated by the domain suffix in the governmental “From” address of the incoming e-mail then the protective action is taken.
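The check described in the abstract, sketched as an added example (not code from the patent or from Symantec). The suffix-to-country map, the `GEO_TABLE` stand-in for a GeoIP database, the sample message and all function names are assumptions made for illustration; the protective action is left to the caller.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Suffixes named in the abstract, mapped to the country each one implies.
GOV_SUFFIXES = {".gov.uk": "GB", ".go.jp": "JP", ".gov": "US"}
# Constructed stand-in for a GeoIP database (documentation ranges, invented countries).
GEO_TABLE = {ipaddress.ip_network(n): c for n, c in [
    ("192.0.2.0/24", "US"), ("198.51.100.0/24", "GB"), ("203.0.113.0/24", "BR")]}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Constructed sample message: a .gov.uk sender relayed from an address mapped to BR.
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [203.0.113.7])\n"
    "\tby mx.example.org; Tue, 27 Jul 2010 10:00:00 +0000\n"
    'From: "Tax Office" <refunds@agency.example.gov.uk>\n'
    "Subject: Refund notice\n\nbody\n"
)


def gov_country(from_header):
    """Return the country implied by a governmental From domain, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    for suffix in sorted(GOV_SUFFIXES, key=len, reverse=True):  # longest first
        if domain.endswith(suffix):
            return GOV_SUFFIXES[suffix]
    return None


def geolocate(ip):
    """Look an address up in GEO_TABLE; None for invalid or unknown addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((c for net, c in GEO_TABLE.items() if addr in net), None)


def check_message(raw, connecting_ip):
    """Return (verdict, offending_ips); verdict is not-gov, consistent or inconsistent."""
    msg = message_from_string(raw)
    expected = gov_country(msg.get("From", ""))
    if expected is None:
        return "not-gov", []
    # The connecting IP is observed directly; Received headers are sender-supplied.
    ips = [connecting_ip]
    for hdr in msg.get_all("Received", []):
        ips += IP_RE.findall(hdr)
    seen = {ip: geolocate(ip) for ip in ips}
    bad = sorted(ip for ip, c in seen.items() if c is not None and c != expected)
    return ("inconsistent" if bad else "consistent"), bad
```

Addresses that cannot be geolocated (private hops, malformed values) are ignored here rather than treated as a mismatch; a deployment would choose that policy deliberately.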