Proactive prevention of polymorphic SMTP worms
Abstract
A method includes establishing a SMTP proxy, defining an application that forms a connection with the SMTP proxy as a SMTP client application, emulating the SMTP client application including generating at least one SMTP client application dirty page, intercepting an executable application sent from the SMTP client application with the SMTP proxy, and emulating the executable application including generating at least one executable application dirty page. If a determination is made that the at least one SMTP client application dirty page is a match of the at least one executable application dirty page, a determination is made that the SMTP client application is polymorphic malicious code that is attempting to send itself and protective action is taken.
22 Claims
1. A method comprising:
emulating a SMTP client application comprising generating at least one SMTP client application dirty page;
emulating an executable application sent from said SMTP client application comprising generating at least one executable application dirty page; and
determining whether said at least one SMTP client application dirty page is a match of said at least one executable application dirty page.
19. A method comprising:
emulating a SMTP client application;
determining whether SMTP client application dirty pages were generated during said emulating a SMTP client application;
excluding said SMTP client application as a polymorphic malicious code upon a determination that said SMTP client application dirty pages were not generated; and
saving a state of said SMTP client application upon a determination that said SMTP client application dirty pages were generated.
21. A computer program product comprising a polymorphic worm blocking application, said polymorphic worm blocking application for:
emulating a SMTP client application comprising generating at least one SMTP client application dirty page;
emulating an executable application sent from said SMTP client application comprising generating at least one executable application dirty page; and
determining whether said at least one SMTP client application dirty page is a match of said at least one executable application dirty page.
22. A method comprising:
establishing a SMTP proxy;
defining an application that forms a connection with said SMTP proxy as a SMTP client application;
decrypting said SMTP client application;
intercepting an executable application sent from said SMTP client application with said SMTP proxy;
decrypting said executable application; and
determining whether said SMTP client application when decrypted is the same as said executable application when decrypted.
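A toy illustration of the comparison in claims 1, 19 and 22, added here and not taken from the patent: a one-byte XOR decryptor stands in for the emulator, and a "dirty page" is taken to mean a memory page written during emulation. The 4096-byte page size, the image layout and all function names are assumptions.

```python
import hashlib

PAGE = 4096  # assumed page size

def pack(body: bytes, key: int) -> bytes:
    """Constructed sample image: 1-byte XOR key, then the body XORed with it.
    key == 0 models a program that never rewrites its own memory."""
    return bytes([key]) + bytes(b ^ key for b in body)

def emulate(image: bytes) -> dict:
    """Toy emulation: load the image, run its XOR decryptor, and return
    {page_index: sha256(page)} for every page written during the run."""
    key, mem, dirty = image[0], bytearray(image[1:]), set()
    if key:
        for i in range(len(mem)):
            mem[i] ^= key          # the decryptor writes the plaintext in place
            dirty.add(i // PAGE)   # record the page that was modified
    return {p: hashlib.sha256(mem[p * PAGE:(p + 1) * PAGE]).hexdigest()
            for p in dirty}

def is_self_sending(client_image: bytes, sent_image: bytes) -> bool:
    client_pages = emulate(client_image)
    if not client_pages:  # claim 19: no dirty pages, so exclude the client
        return False
    sent_pages = emulate(sent_image)
    # claim 1: at least one client dirty page matches a dirty page of the sent file
    return bool(set(client_pages.values()) & set(sent_pages.values()))

# Constructed inputs: two generations of one body under different keys,
# a client that writes nothing, and a packed client with an unrelated body.
WORM_BODY = b"constructed worm body " * 500
GEN1, GEN2 = pack(WORM_BODY, 0x5A), pack(WORM_BODY, 0xC3)
PLAIN_CLIENT = pack(b"ordinary mail client " * 500, 0)
PACKED_CLIENT = pack(b"packed but unrelated client " * 500, 0x11)

if __name__ == "__main__":
    print("on-disk bytes differ:", GEN1[1:] != GEN2[1:])
    print("gen1 sending gen2:", is_self_sending(GEN1, GEN2))
    print("plain client sending gen2:", is_self_sending(PLAIN_CLIENT, GEN2))
    print("packed client sending gen2:", is_self_sending(PACKED_CLIENT, GEN2))
```

Exact page hashes are the simplest possible match test; pages that many unrelated programs would write identically (for example zero-filled ones) would need to be ignored in practice.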
Specification