Apparatus, and system for determining and cautioning users of Internet connected clients of potentially malicious software and method for operating such
First Claim
1. A method for operating a customer data collection and protection apparatus which has a processor configured by a software product comprises at least two of the following steps:
- transmitting backfeeds to a central server about traffic to or attempts to connect with uncategorized targets;
- receiving a directory from the central server containing at least one identifier of at least one suspicious, malicious, or infectious target and appropriate actions; and
- presenting end users with at least one warning of possible infection, malicious code, or suspicious behavior and controls for a malware cleanup tool, wherein a target is one of an IP address and a Uniform Resource Identifier (URI) for a real or fictitious host.
9 Assignments
0 Petitions
Abstract
A system at a central server and at a plurality of web filters is installed to observe traffic and to protect users from attempting connection to suspicious, malicious, and/or infectious targets. Targets are defined as Uniform Resource Identifiers (URI) and Internet Protocol (IP) addresses. Traffic is collected, analyzed, and reported for further analysis. Behavior is analyzed for each client attempting a connection to an uncategorized target. IP addresses and URIs are evaluated toward placement in either a Trusted target store or an Anomalous target store. The accumulated content of Anomalous target store is provided back to the Network Service Subscriber Clients. Warnings and tools are presented when appropriate.
20 Claims
1. A method for operating a customer data collection and protection apparatus which has a processor configured by a software product comprises at least two of the following steps:
- transmitting backfeeds to a central server about traffic to or attempts to connect with uncategorized targets;
- receiving a directory from the central server containing at least one identifier of at least one suspicious, malicious, or infectious target and appropriate actions; and
- presenting end users with at least one warning of possible infection, malicious code, or suspicious behavior and controls for a malware cleanup tool, wherein a target is one of an IP address and a Uniform Resource Identifier (URI) for a real or fictitious host.
(Dependent claims: 2, 3)

4. A method for operation of a central server which has a processor configured by a software product to detect and distribute identifiers of suspicious, infectious, and malicious targets comprises at least two of the following steps:
- receiving backfeeds from a plurality of web filter apparatus about traffic to or attempts to connect with uncategorized targets;
- applying rules and patterns to identify a target as at least one of suspicious, malicious, or infectious; and
- provisioning a plurality of web filters with an update having at least one identifier of a suspicious, malicious, or infectious target, a warning, and a malware cleanup tool.
(Dependent claims: 5, 6)

7. An apparatus comprising a network link circuit, a processor, data storage device, and non-transitory computer readable media having instructions to configure the processor to observe traffic requesting resolution of an uncategorized URI or having a destination of an uncategorized IP address, and to receive and store an update to a list of uncategorized IP addresses and uncategorized URIs which are observed with traffic that suggests suspicious, malicious or infectious behavior.

10. An apparatus comprising a network link circuit, a processor, data storage device, and non-transitory computer readable media having instructions to configure the processor to receive and store a report of an anomalous target and analyze said anomalous target to determine a caveat if appropriate.

13. An apparatus comprising a network link circuit, a processor, data storage device, and non-transitory computer readable media having instructions to configure the processor to receive reports of uncategorized targets and determine when a domain name system request or reverse domain name system request on the target is or is not successful.

16. A system comprising a network, attached computer systems, and software to provision: a plurality of customer data collection and protection apparatuses configured to observe requests and traffic having targets which are not categorized targets communicatively coupled to a central server, and the central server, configured to receive reports on uncategorized targets, analyze traffic to and concerning said uncategorized targets, and distribute updates to said customer data collection and protection apparatuses.
(Dependent claims: 17, 18, 19, 20)
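The following Python sketch is an added illustration, not code from the patent or its assignee, of the arrangement the abstract and claims 4 and 13 describe: web filters queue uncategorized targets and backfeed them to a central server; the server applies rules (here, the forward/reverse DNS check of claim 13 plus a corroboration count) to place each target in a Trusted or an Anomalous store, and pushes the Anomalous directory with caveats back to the filters, which then warn on matching requests. The DNS table, the classification rules, the threshold, and the sample traffic are constructed placeholders.

```python
"""Simulation of the web-filter / central-server backfeed loop described in
the abstract.  Added example, not the patent's code; DNS data, rules,
thresholds and traffic below are constructed placeholders."""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline (assumption).
FORWARD_DNS = {"updates.example.com": "192.0.2.10", "cdn.example.net": "198.51.100.7"}
REVERSE_DNS = {ip: name for name, ip in FORWARD_DNS.items()}
TRUST_THRESHOLD = 2  # distinct filters that must corroborate a resolvable target


def host_of(target: str) -> str:
    """Host part of a URI target; a bare hostname or IP target is returned as-is."""
    return (urlsplit(target).hostname or "") if "://" in target else target


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def resolves(host: str) -> bool:
    """Claim-13 style check: reverse lookup for an IP, forward lookup for a name."""
    return host in REVERSE_DNS if is_ip(host) else host in FORWARD_DNS


@dataclass
class CentralServer:
    anomalous: dict[str, str] = field(default_factory=dict)  # target -> caveat
    trusted: set[str] = field(default_factory=set)
    reporters: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))

    def receive_backfeed(self, filter_id: str, targets: list[str]) -> None:
        for target in targets:
            self.reporters[target].add(filter_id)
            self._classify(target)

    def _classify(self, target: str) -> None:
        if target in self.anomalous or target in self.trusted:
            return
        if not resolves(host_of(target)):
            # Unresolvable host: the "real or fictitious host" case of claim 1.
            self.anomalous[target] = "host does not resolve; possibly fictitious"
        elif len(self.reporters[target]) >= TRUST_THRESHOLD:
            self.trusted.add(target)
        # Otherwise the target stays uncategorized until more filters report it.

    def build_update(self) -> dict:
        """Directory pushed to filters: identifiers, caveats and the action to take."""
        return {
            "anomalous": [{"target": t, "caveat": c, "action": "warn"}
                          for t, c in self.anomalous.items()],
            "trusted": sorted(self.trusted),
        }


@dataclass
class WebFilter:
    filter_id: str
    directory: dict[str, str] = field(default_factory=dict)  # target -> caveat
    trusted: set[str] = field(default_factory=set)
    backfeed: list[str] = field(default_factory=list)

    def observe(self, target: str) -> dict:
        """Decide what the end user sees for one request; queue unknowns for backfeed."""
        if target in self.directory:
            return {"target": target, "action": "warn",
                    "caveat": self.directory[target], "cleanup_tool": True}
        if target in self.trusted:
            return {"target": target, "action": "allow"}
        self.backfeed.append(target)
        return {"target": target, "action": "allow", "uncategorized": True}

    def flush_backfeed(self, server: CentralServer) -> None:
        server.receive_backfeed(self.filter_id, self.backfeed)
        self.backfeed.clear()

    def apply_update(self, update: dict) -> None:
        for entry in update["anomalous"]:
            self.directory[entry["target"]] = entry["caveat"]
        self.trusted.update(update["trusted"])


def run_demo() -> tuple[CentralServer, WebFilter, WebFilter]:
    """Two filters, one round of backfeed and one update (constructed traffic)."""
    server, f1, f2 = CentralServer(), WebFilter("filter-1"), WebFilter("filter-2")
    for target in ["http://updates.example.com/patch", "http://bogus-host.invalid/x",
                   "http://cdn.example.net/lib.js"]:
        f1.observe(target)
    for target in ["http://updates.example.com/patch", "203.0.113.9"]:
        f2.observe(target)
    f1.flush_backfeed(server)
    f2.flush_backfeed(server)
    update = server.build_update()
    f1.apply_update(update)
    f2.apply_update(update)
    return server, f1, f2


if __name__ == "__main__":
    srv, a, b = run_demo()
    print("anomalous:", srv.anomalous)
    print("trusted:", srv.trusted)
    print(b.observe("http://bogus-host.invalid/x"))
```

After one round, the target with an unresolvable hostname and the bare IP without a reverse record land in the Anomalous store and every filter warns on them; the target corroborated by both filters is trusted; the target seen by only one filter remains uncategorized and is reported again on its next appearance, which is the behaviour a practitioner would want before a single observation is allowed to block or trust a host.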
Specification