×

Method and apparatus for detecting zombie-generated spam

  • US 20080005316A1
  • Filed: 06/30/2006
  • Published: 01/03/2008
  • Est. Priority Date: 06/30/2006
  • Status: Active Grant
First Claim
Patent Images

1. A method for detecting a zombie attack in a network having a plurality of computers comprising:

  • determining, for each computer in said plurality of computers, a working set of email addresses associated with emails sent by said each computer; and

    detecting a zombie attack by at least one of;

    determining that at least one computer in said plurality of computers is transmitting more than a threshold rate of emails;

    determining that at least one computer in said plurality of computers is transmitting more than a first threshold number of emails to email addresses outside of its associated working set,determining that a first threshold number of computers in said plurality of computers are transmitting email messages to email addresses outside of their associated working set, anddetermining that more than a second threshold number of computers are transmitting more than a second threshold number of emails to a recipient computer.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×