Invention Grant
US08595830B1 Method and system for detecting malware containing E-mails based on inconsistencies in public sector “From” addresses and a sending IP address
Granted
- Patent Title: Method and system for detecting malware containing E-mails based on inconsistencies in public sector “From” addresses and a sending IP address
- Application No.: US12844738
- Application Date: 2010-07-27
- Publication No.: US08595830B1
- Publication Date: 2013-11-26
- Inventor: Martin Lee
- Applicant: Martin Lee
- Applicant Address: US CA Mountain View
- Assignee: Symantec Corporation
- Current Assignee: Symantec Corporation
- Current Assignee Address: US CA Mountain View
- Agency: McKay and Hodgson, LLP
- Agent: Serge J. Hodgson; Sean P. Lewis
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A method and apparatus for detecting malware-containing e-mails based on inconsistencies between a governmental agency “From” address and a sending IP address. An incoming e-mail is analyzed to determine whether it includes a “From” address having a domain suffix that is normally associated with a governmental agency, such as .gov, .gov.uk, .go.jp, or any similar governmental domain suffix. The connecting IP address or IP addresses within the received headers associated with the incoming e-mail are then analyzed to determine the geographical locations through which the incoming e-mail passed. If the geographical locations associated with these sending IP addresses are not consistent with the country indicated by the domain suffix in the governmental “From” address, then protective action is taken.
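The check the abstract describes can be sketched as follows. This is an added example, not code from the patent or from Symantec; the function names, the sample message and the small `GEO_TABLE` (a constructed stand-in for a real GeoIP database, using documentation address ranges) are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Suffixes named in the abstract, mapped to the country each one implies.
GOV_SUFFIXES = {".gov.uk": "GB", ".go.jp": "JP", ".gov": "US"}
# Constructed stand-in for a GeoIP database (documentation address ranges).
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("203.0.113.0/24"): "RO",
}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Constructed sample message, not taken from the patent.
SAMPLE = ("Received: from mail.example.net ([203.0.113.7]) by mx.example.org\n"
          'From: "Tax Office" <refunds@agency.gov.uk>\nSubject: Refund\n\nbody\n')

def implied_country(from_header):
    """Country implied by a governmental suffix in the From domain, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    # Longest suffix first so the most specific governmental suffix wins.
    for suffix in sorted(GOV_SUFFIXES, key=len, reverse=True):
        if domain.endswith(suffix):
            return GOV_SUFFIXES[suffix]
    return None

def geolocate(ip):
    """Country code for an IP string, or None if malformed or not in the table."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), None)

def check_message(raw, connecting_ip):
    """Compare the From-implied country with countries of the sending IPs."""
    msg = message_from_string(raw)
    expected = implied_country(msg.get("From", ""))
    if expected is None:
        return {"verdict": "not_applicable", "expected": None, "seen": []}
    ips = [connecting_ip]
    for hdr in msg.get_all("Received", []):
        ips += IP_RE.findall(hdr)
    seen = sorted({cc for cc in map(geolocate, ips) if cc})
    bad = [cc for cc in seen if cc != expected]
    verdict = "suspicious" if bad else "consistent"
    return {"verdict": verdict, "expected": expected, "seen": seen}
```

Of the addresses examined, only the connecting IP is observed directly by the receiving server; `Received` lines added by earlier hops are supplied by the sender's side and can be forged.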