Computer virus control

US 20030154394A1
Filed: 02/13/2002
Published: 08/14/2003
Est. Priority Date: 02/13/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of virus control for a plurality of clients of an e-mail server, said e-mail server associated with a network, said method comprising:

centrally monitoring for a pre-defined activity at any of said plurality of clients;

on discovery of said pre-defined activity at a given one of said plurality of clients, blocking e-mail traffic from said given client, said pre-defined activity comprising receiving an e-mail message from said given client having a pre-defined recipient address.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Virus control is provided for a plurality of clients of an e-mail server associated with a network by centrally monitoring for a pre-defined activity at any of the plurality of clients. On discovery of the pre-defined activity at a given one of the plurality of clients, e-mail traffic from the given client is blocked. The pre-defined activity may be monitoring for e-mail from clients which is addressed to any of a plurality of pre-defined addresses. These pre-defined addresses may be salted through the address book of a client such that they are likely to be utilised by a computer virus which tries to send e-mail.

Citations

29 Claims

1. A method of virus control for a plurality of clients of an e-mail server, said e-mail server associated with a network, said method comprising:
- centrally monitoring for a pre-defined activity at any of said plurality of clients;
  
  on discovery of said pre-defined activity at a given one of said plurality of clients, blocking e-mail traffic from said given client, said pre-defined activity comprising receiving an e-mail message from said given client having a pre-defined recipient address.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein said pre-defined recipient address addresses a fictitious recipient.
  - 3. The method of claim 1 further comprising:
    - logging e-mail messages sent by said plurality of clients in a message log;
      
      on discovery of said pre-defined recipient address in said e-mail message from said given client, searching said message log for other e-mail messages sent by said given client.
  - 4. The method of claim 3 further comprising:
    - on finding one or more of said other e-mail messages, identifying recipient addresses in said one or more other e-mail messages and sending a virus alert e-mail message to each identified recipient address.
  - 5. The method of claim 1 wherein said blocking e-mail traffic from said given client comprises dropping e-mail from said given client.
  - 6. The method of claim 1 wherein said centrally monitoring comprises monitoring at an e-mail server.
  - 7. The method of claim 1 further comprising, on discovery of said pre-defined recipient address in said e-mail message from said given client, sending a virus alert message to said given client.

8. A method of virus control at a server side for a plurality of clients, said server side handling e-mail traffic to and from a network, comprising:
- receiving an e-mail message at said server side from a given client of said plurality of clients;
  
  checking a recipient address of said e-mail message for a pre-defined recipient address;
  
  on discovery of said pre-defined recipient address, blocking e-mail traffic from said given client.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The method of claim 8 further comprising:
    - logging e-mail messages sent by said plurality of clients in a message log;
      
      on said discovery of said pre-defined recipient address in said e-mail message from said given client, searching said message log for other e-mail messages sent by said given client.
  - 10. The method of claim 9 wherein said searching comprises searching for messages sent by said given client within a pre-determined time of a time of sending of said e-mail message.
  - 11. The method of claim 9 further comprising:
    - on finding one or more of said other e-mail messages, identifying recipient addresses in said one or more other e-mail messages and sending a virus alert e-mail message to each identified recipient address.
  - 12. The method of claim 9 further comprising:
    - on finding one or more of said other e-mail messages, identifying each recipient address and, where an identified recipient address is for one of said plurality of clients, blocking all e-mail traffic from said one of said plurality of clients.
  - 13. The method of claim 11 wherein said searching comprises searching for messages sent by said given client within a pre-determined time of a time of sending said e-mail message.
  - 14. The method of claim 11 wherein said searching comprises searching in reverse time order from a time of sending of said e-mail message for a pre-determined number of messages sent by said given client.
  - 15. The method of claim 8 wherein said checking comprises checking said recipient address of said e-mail message against a list of recipient addresses.
  - 16. The method of claim 8 wherein said blocking e-mail traffic from said given client comprises dropping e-mail traffic received from said given client.
  - 17. The method of claim 9 wherein said logging e-mail messages comprises logging sending and receiving addresses from said e-mail messages along with times of sending.
  - 18. The method of claim 8 further comprising:
    - on discovery of said pre-defined recipient address, sending an alarm notification.
  - 19. The method of claim 15 wherein said list of recipient addresses comprises addresses beginning with at least a majority of letters of the alphabet.

20. A method for facilitating virus control, comprising:
- salting stored data accessible by each of a plurality of clients of an e-mail server, which data normally contains e-mail addresses, with a plurality of fictitious e-mail addresses, each of said addresses having a valid format.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method of claim 20 wherein said stored data comprises at least one of an address book of an e-mail application, a message store of an e-mail application, and a web page.
  - 22. The method of claim 20 further comprising choosing said fictitious e-mail addresses such that for each letter of a majority of letters of the alphabet there is a fictitious e-mail address beginning with said letter.
  - 23. The method of claim 20 further comprising:
    - storing said plurality of fictitious e-mail addresses for each of said plurality of clients at said e-mail server.
  - 24. The method of claim 20 further comprising:
    - on receiving, at said e-mail server, an e-mail message from a given client addressed to one of said plurality of fictitious addresses, blocking all e-mail traffic from said given client.
  - 25. The method of claim 24 wherein said e-mail server is a simple mail transfer protocol server.
  - 26. The method of claim 24 wherein said blocking all e-mail traffic from said given client comprises at least one of blocking e-mail traffic having a source address pointing to said given client and blocking e-mail traffic having a network address most recently associated with said given client.

27. A processor adapted for virus control, comprising:
- means for monitoring for e-mail from any of a plurality of clients addressed to any of a plurality of pre-defined addresses;
  
  means for, on discovery of e-mail from a given client addressed to one of said pre-defined addresses, blocking e-mail traffic from said given client.
- View Dependent Claims (28)
- - 28. The processor of claim 27 further comprising a hit list for storing said plurality of pre-defined addresses.

29. A computer readable medium, which when loaded into a processor, adapts said processor to:
- monitor for e-mail from any of a plurality of clients addressed to any of a plurality of pre-defined addresses;
  
  on discovery of e-mail from a given client addressed to one of said pre-defined addresses, block e-mail traffic from said given client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lawrence R. Levin
Original Assignee
Lawrence R. Levin
Inventors
Levin, Lawrence R.

Application Number

US10/074,842
Publication Number

US 20030154394A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

Computer virus control

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Computer virus control

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links