Method and system for researching pestware spread through electronic messages

US 20070294396A1
Filed: 06/15/2006
Published: 12/20/2007
Est. Priority Date: 06/15/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for researching pestware, the method comprising:

detecting automatically the presence of an electronic messaging client on a computer, the electronic messaging client having an associated contact list, each contact in the contact list having an associated address on a network;

adding automatically a pestware research contact to the contact list, the address associated with the pestware research contact pointing to a data collection system on the network; and

tracing to its source on the network a pestware threat received at the data collection system via the pestware research contact.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for researching pestware spread through electronic messages is described. One embodiment detects automatically the presence of an electronic messaging client on a computer, the electronic messaging client having an associated contact list, each contact in the contact list having an associated address on a network; adds automatically a pestware research contact to the contact list, the address associated with the pestware research contact pointing to a data collection system on the network; and traces to its source on the network a pestware threat received at the data collection system via the pestware research contact. The principles of the invention can be applied to any electronic messaging system, including electronic mail and instant messaging.

57 Citations

View as Search Results

26 Claims

1. A method for researching pestware, the method comprising:
- detecting automatically the presence of an electronic messaging client on a computer, the electronic messaging client having an associated contact list, each contact in the contact list having an associated address on a network;
  
  adding automatically a pestware research contact to the contact list, the address associated with the pestware research contact pointing to a data collection system on the network; and
  
  tracing to its source on the network a pestware threat received at the data collection system via the pestware research contact.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the electronic messaging client is one of an electronic mail (e-mail) client and an instant messaging (IM) client.
  - 3. The method of claim 1, further comprising:
    - obtaining from the source of the pestware threat a payload associated with the pestware threat; and
      
      deriving from the payload at least one characteristic for use in detecting the payload on a computer.
  - 4. The method of claim 1, wherein the electronic messaging client conceals the pestware research contact from a user of the computer.
  - 5. The method of claim 1, wherein the tracing includes following a hyperlink to a Uniform Resource Locator (URL) on the network.
  - 6. The method of claim 1, wherein the network includes the Internet.

7. A method for gathering information used in detecting pestware, the method comprising:
- receiving over a network at a data collection system an electronic message associated with a pestware threat, the electronic message having been addressed to a pestware research contact, the pestware research contact having been added automatically to a contact list associated with an electronic messaging client on a remote computer connected with the network, the pestware research contact having an associated network address that points to the data collection system;
  
  tracing the pestware threat to its source on the network using information derived from the received electronic message;
  
  obtaining from the source of the pestware threat a payload associated with the pestware threat; and
  
  deriving from the payload at least one characteristic for use in detecting the payload on an affected computer.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, wherein the electronic messaging client is one of an electronic mail (e-mail) client and an instant messaging (IM) client and the electronic message is one of an e-mail message and an instant message.
  - 9. The method of claim 7, wherein the tracing includes following a hyperlink to a Uniform Resource Locator (URL) on the network.
  - 10. The method of claim 7, wherein the network includes the Internet.

11. A system for researching pestware, the system comprising:
- an electronic messaging client detection module configured to detect automatically the presence of an electronic messaging client on a computer, the electronic messaging client having an associated contact list, each contact in the contact list having an associated address on a network;
  
  a contact installation module configured to add automatically a pestware research contact to the contact list; and
  
  a data collection subsystem connected with the network, the address associated with the pestware research contact pointing to the data collection subsystem, the data collection subsystem being configured to;
  
  receive at the address associated with the pestware research contact an electronic message associated with a pestware threat; and
  
  trace the pestware threat to its source on the network using information derived from the received electronic message.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the electronic messaging client is one of an electronic mail (e-mail) client and an instant messaging (IM) client and the electronic message is one of an e-mail message and an instant message.
  - 13. The system of claim 11, wherein the data collection subsystem is further configured to:
    - obtain from the source of the pestware threat a payload associated with the pestware threat; and
      
      derive from the payload at least one characteristic for use in detecting the payload on an affected computer.
  - 14. The system of claim 11, wherein the data collection subsystem is configured to trace the pestware threat to its source by following a hyperlink to a Uniform Resource Locator (URL) on the network.
  - 15. The system of claim 11, wherein the network includes the Internet.

16. A data collection system for gathering information used in detecting pestware, the system comprising:
- a communication interface connected with a network;
  
  a message detection module configured to receive through the communication interface an electronic message associated with a pestware threat, the electronic message having been addressed to a pestware research contact, the pestware research contact having been added automatically to a contact list associated with an electronic messaging client on a remote computer connected with the network, the pestware research contact having an associated network address that points to the data collection system;
  
  a source tracing module configured to trace the pestware threat to its source on the network using information derived from the received electronic message;
  
  a payload retrieval module configured to retrieve from the source of the pestware threat a payload associated with the pestware threat; and
  
  a payload analysis module configured to derive from the payload at least one characteristic for use in detecting the payload on an affected computer.
- View Dependent Claims (17, 18, 19)
- - 17. The data collection system of claim 16, wherein the electronic messaging client is one of an electronic mail (e-mail) client and an instant messaging (IM) client and the electronic message is one of an e-mail message and an instant message.
  - 18. The data collection system of claim 16, wherein the source tracing module is configured to trace the pestware threat to its source on the network by following a hyperlink to a Uniform Resource Locator (URL) on the network.
  - 19. The data collection system of claim 16, wherein the network includes the Internet.

20. A system for researching pestware, the system comprising:
- means for detecting automatically the presence of an electronic messaging client on a computer, the electronic messaging client having an associated contact list, each contact in the contact list having an associated address on a network;
  
  means for adding automatically a pestware research contact to the contact list, the address associated with the pestware research contact pointing to a data collection system on the network; and
  
  means for tracing to its source on the network a pestware threat received at the data collection system via the pestware research contact.
- View Dependent Claims (21, 22, 23)
- - 21. The system of claim 20, wherein the electronic messaging client is one of an electronic mail (e-mail) client and an instant messaging (IM) client.
  - 22. The system of claim 20, further comprising:
    - means for obtaining from the source of the pestware threat a payload associated with the pestware threat; and
      
      means for deriving from the payload at least one characteristic for use in detecting the payload on a computer.
  - 23. The system of claim 20, wherein the network includes the Internet.

24. A data collection system for gathering information used in detecting pestware, the system comprising:
- means for receiving over a network an electronic message associated with a pestware threat, the electronic message having been addressed to a pestware research contact, the pestware research contact having been added automatically to a contact list associated with an electronic messaging client on a remote computer connected with the network, the pestware research contact having an associated network address that points to the data collection system;
  
  means for tracing the pestware threat to its source on the network using information derived from the received electronic message;
  
  means for obtaining from the source of the pestware threat a payload associated with the pestware threat; and
  
  means for deriving from the payload at least one characteristic for use in detecting the payload on an affected computer.
- View Dependent Claims (25, 26)
- - 25. The data collection system of claim 24, wherein the electronic messaging client is one of an electronic mail (e-mail) client and an instant messaging (IM) client and the electronic message is one of an e-mail message and an instant message.
  - 26. The data collection system of claim 24, wherein the network includes the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Webroot Software Incorporated (Open Text Corporation)
Original Assignee
Webroot Software Incorporated (Open Text Corporation)
Inventors
Krzaczynski, Eryk W.

Application Number

US11/453,735
Publication Number

US 20070294396A1
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06Q 10/107 Computer-aided management o...

Method and system for researching pestware spread through electronic messages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for researching pestware spread through electronic messages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links