Search Ranger System and Double-Funnel Model for Search Spam Analyses and Browser Protection

US 20080301281A1
Filed: 05/31/2007
Published: 12/04/2008
Est. Priority Date: 05/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method, implemented at least in part by a computing device, for defeating click-through cloaking, the method comprising:

retrieving a search results page to set a browser variable;

inserting a link to a page into the search results page; and

clicking through to the page using the inserted link.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary method for defeating server-side click-through cloaking includes retrieving a search results page to set a browser variable, inserting a link to a page into the search results page and clicking through to the page using the inserted link. An exemplary method for investigating client-side cloaking includes providing script associated with a suspected spam URL, modifying the script to de-obfuscate the script and executing the modified script to reveal cloaking logic associated with the script. Other methods, systems, etc., are also disclosed.

Citations

14 Claims

1. A method, implemented at least in part by a computing device, for defeating click-through cloaking, the method comprising:
- retrieving a search results page to set a browser variable;
  
  inserting a link to a page into the search results page; and
  
  clicking through to the page using the inserted link.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein the browser variable comprises a document.referrer variable.
  - 3. The method of claim 1 wherein the page uses server-side cloaking.

4. A method, implemented at least in part by a computing device, for defeating click-through cloaking, the method comprising:
- performing a search using a search engine to generate search results;
  
  identifying a page in the search results as a suspected spam page;
  
  initiating a direct visit to the suspect spam page without clicking through the search results;
  
  inserting a fabricated value in a Referrer field of a HTTP header; and
  
  visiting the suspect spam page without clicking through the search results.
- View Dependent Claims (5)
- - 5. The method of claim 4 wherein the suspected spam page uses server-side cloaking.

6. A method, implemented at least in part by a computing device, for tagging a URL as a spam suspect, the method comprising:
- providing a URL;
  
  scanning the URL and recording a scan result;
  
  scanning the URL using an anti-cloaking mechanism and recording an anti-cloaking scan result;
  
  comparing the scan result and the anti-cloaking scan result; and
  
  based on the comparison, determining if the URL is a spam suspect.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6 wherein a difference between the scan result and the anti-cloaking scan result indicates that the URL is a spam suspect.
  - 8. The method of claim 6 wherein the comparing compares a final destination of the scan result to a final destination of the anti-cloaking scan result.
  - 9. The method of claim 8 wherein if the final destinations differ, the determining determines that the URL is a spam suspect.
  - 10. The method of claim 6 further comprising manually investigating the URL if the determining determines that the URL is a spam suspect.

11. A method, implemented at least in part by a computing device, for tagging URLs as spam suspects, the method comprising:
- providing a group of URLs;
  
  scanning the URLs and recording a scan result for each URL;
  
  scanning the URLs using an anti-cloaking mechanism and recording an anti-cloaking scan result for each URL;
  
  for each URL, comparing the scan result and the anti-cloaking scan result; and
  
  for each URL, based on the comparison, determining if the URL is a spam suspect.

12. A method, implemented at least in part by a computing device, for investigating client-side cloaking, the method comprising:
- providing script associated with a suspected spam URL;
  
  modifying the script to de-obfuscate the script; and
  
  executing the modified script to reveal cloaking logic associated with the script.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 wherein the cloaking logic uses a browser variable.
  - 14. The method of claim 13 wherein the browser variable is the document.referrer variable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wang, Yi-Min, Ma, Ming

Granted Patent

US 7,873,635 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 2221/2119   Authenticating web pages, e...

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1416   Event detection, e.g. attac...

Search Ranger System and Double-Funnel Model for Search Spam Analyses and Browser Protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Search Ranger System and Double-Funnel Model for Search Spam Analyses and Browser Protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links