Identification of and Countermeasures Against Forged Websites

US 20090228780A1
Filed: 03/05/2008
Published: 09/10/2009
Est. Priority Date: 03/05/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of identifying a forged website, the forged website including a copy of at least one page of a primary website at an authorized network domain, the method comprising:

hosting a website including a page, the page having code executable by a client device and configured to determine, in response to the page being served to the client device, whether the network domain from which the page was served is an unauthorized domain for serving the page, and further responsive to the network domain being an unauthorized network domain, providing an identification of the unauthorized network domain to an authorized server associated with the authorized network domain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, a method, and computer program product identify a website that is a forgery of a primary website. Client side executable code is included in a page of the primary website, which page is copied in the forged website. The client side code, when executed by a client device, determines whether the domain from which the page is served is an authorized domain. Where the serving domain is not authorized, the client device is configured to alter the execute countermeasures against the forged website, such as altering operation of the forged page.

78 Citations

View as Search Results

24 Claims

1. A computer implemented method of identifying a forged website, the forged website including a copy of at least one page of a primary website at an authorized network domain, the method comprising:
- hosting a website including a page, the page having code executable by a client device and configured to determine, in response to the page being served to the client device, whether the network domain from which the page was served is an unauthorized domain for serving the page, and further responsive to the network domain being an unauthorized network domain, providing an identification of the unauthorized network domain to an authorized server associated with the authorized network domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving from the client device the identification of the unauthorized network domain; and
      
      transmitting to the client device additional executable code, the additional executable code configured to modify the page.
  - 3. The method of claim 2, further comprising:
    - establishing on the primary website a fake user account associated with fake user credentials; and
      
      transmitting the fake user credentials to the client device, wherein the client device provides the fake user credentials to a server on the unauthorized network domain.
  - 4. The method of claim 2, wherein the additional executable code is configured to modify the page by displaying the page as an empty page.
  - 5. The method of claim 2, wherein the additional executable code is configured to modify the page by removing from the page credential data entry fields.
  - 6. The method of claim 2, wherein the additional executable code is configured to modify the page by generating fake credentials and inputting the fake credentials into credential data entry fields in the page.
  - 7. The method of claim 1, further comprising:
    - receiving, from the client device at the authorized server, an identification of the network domain from which the page was served to the client;
      
      transmitting from the authorized server, an indication of whether the network domain was an authorized domain for serving the page.
  - 8. The method of claim 1, wherein the code executable by the client device is configured to determine whether the network domain from which the page was served is an unauthorized domain for serving the page by comparing the network domain from which the page was served with a list of at least one authorized domain, and responsive to the network domain not being included in the list, determining that the network domain is an unauthorized domain.
  - 9. The method of claim 1, wherein the code executable by the client device is configured to determine whether the network domain from which the page was served is an unauthorized domain for serving the page by transmitting an indication of the network domain from which the page was served to the authorized server, and receiving an indication from the authorized server whether the network domain is an authorized network domain.

10. A computer implemented method of identifying a forged website, the forged website including a copy of at least one page of a primary website, comprising:
- receiving at a client device a page from a server at a network domain;
  
  determining at the client device whether the network domain of the server is an authorized network domain for serving the page; and
  
  responsive to the network domain being an unauthorized network domain, providing an identification of the unauthorized network domain to an authorized server associated with the primary website.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising:
    - receiving at the client device executable code from the authorized network domain; and
      
      executing the executable code to modify the page served from the unauthorized domain.
  - 12. The method of claim 10, further comprising:
    - transmitting from the client device fake user credentials to a server on the unauthorized network domain, the fake user credentials associated with a fake user account on the primary website.
  - 13. The method of claim 12, wherein the fake user credentials are received from the authorized server.
  - 14. The method of claim 12, wherein the fake user credentials are generated by the client device.
  - 15. The method of claim 10, wherein determining at the client device whether the network domain of the server is an authorized network domain for serving the page comprises:
    - comparing the network domain from which the page was served with a list of at least one authorized domain, and responsive to the network domain not being included in the list, determining that the network domain is an unauthorized domain.
  - 16. The method of claim 10, wherein determining at the client device whether the network domain of the server is an authorized network domain for serving the page comprises:
    - transmitting an indication of the network domain from which the page was served to the authorized server; and
      
      receiving an indication from the authorized server whether the network domain is an authorized network domain.

17. A computer program product, stored in a computer accessible storage medium, the program product comprising:
- a web page, including code executable by a client device and configured to determine, in response to the page being served to the client device, whether the network domain from which the page was served is an unauthorized domain for serving the page, and further responsive to the network domain being an unauthorized network domain, providing an identification of the unauthorized network domain to an authorized server associated with an authorized network domain.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The computer program product of claim 17, wherein the web page includes code configured to modify the page by displaying the page as an empty page.
  - 19. The computer program product of claim 17, wherein the web page includes code configured to modify the page by removing from the page credential data entry fields.
  - 20. The computer program product of claim 17, wherein the web page includes code configured to modify the page by generating fake credentials and inputting the fake credentials into credential data entry fields in the page.
  - 21. The computer program product of claim 17, wherein the code configured to determine whether the network domain from which the page was served is an unauthorized domain for serving the page by comparing the network domain from which the page was served with a list of at least one authorized domain, and responsive to the network domain not being included in the list, determine that the network domain is an unauthorized domain.
  - 22. The computer program product of claim 17, wherein the code is configured to determine whether the network domain from which the page was served is an unauthorized domain for serving the page by transmitting an indication of the network domain from which the page was served to the authorized server, and receiving an indication from the authorized server whether the network domain is an authorized network domain.

23. A computer system, comprising:
- a web server computer system, adapted to communicate with a client device including a web browser; and
  
  a data storage system coupled to the web server computer system, the data storage computer system storing a website including a page, the page having code executable by the client device and configured to determine, whether the network domain from which the page was served is an unauthorized domain for serving the page, and further responsive to the network domain being an unauthorized network domain, providing an identification of the unauthorized network domain to an authorized server associated with an authorized network domain.
- View Dependent Claims (24)
- - 24. The system of claim 23, further comprising:
    - the authorized server, coupled to the web server computer system, and adapted to receive the identification of the unauthorized domain from the client device, and to provide to the client device executable code to modify the page served from the unauthorized domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
McGeehan, Ryan

Granted Patent

US 9,325,731 B2
Time in Patent Office

Days
Field of Search
US Class Current

715/234
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 63/1491   using deception as counterm...

Identification of and Countermeasures Against Forged Websites

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Identification of and Countermeasures Against Forged Websites

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links