Controlling hostile electronic mail content

US 7,461,339 B2
Filed: 10/21/2004
Issued: 12/02/2008
Est. Priority Date: 10/21/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of inserting scripting language code into an electronic message, said method comprising:

receiving said electronic message that is destined for an end user at an end-user device;

determining if said electronic message is hostile to said end user by scanning said electronic message and parsing said electronic message;

converting the message body of said electronic message into HTML format to form an HTML document having an HTML body and an HTML header so that said electronic message can execute within a browser;

inserting URL-request intercepting scripting language code into the HTML body of said HTML document using an insertion module software that copies said electronic message;

modifying said electronic message according to a rule base, wherein the electronic message is parsed to determine if the message body contains Java script code and transforming the Java script code into a comment and wherein an action is performed on the Java script code such that if there is an electronic mail “

From”

header and if a sender domain exists, the sender domain is inserted into the Java script code; and

delivering said HTML document to a computing device of said end user, whereby said electronic message is modified to include said scripting language code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software module at an e-mail gateway server scans incoming e-mail messages suspected of being phishing messages and inserts a script program into the head or body of the message in HTML form. The message is converted into an HTML document if necessary. The script program is written in a language such as VBScript, JScript, ECMAScript or JavaScript and can be run in a browser. The modified message is delivered to the recipient. When the e-mail client software on the user'"'"'s desktop encounters the HTML content a browser starts up and the script program is executed by the browser. The script program can then take any action necessary to counter any hostile content of the message such as providing a warning message, comparing hyperlinks, intercepting a redirect request, warning about suspect attachments, etc.

Citations

25 Claims

1. A method of inserting scripting language code into an electronic message, said method comprising:
- receiving said electronic message that is destined for an end user at an end-user device;
  
  determining if said electronic message is hostile to said end user by scanning said electronic message and parsing said electronic message;
  
  converting the message body of said electronic message into HTML format to form an HTML document having an HTML body and an HTML header so that said electronic message can execute within a browser;
  
  inserting URL-request intercepting scripting language code into the HTML body of said HTML document using an insertion module software that copies said electronic message;
  
  modifying said electronic message according to a rule base, wherein the electronic message is parsed to determine if the message body contains Java script code and transforming the Java script code into a comment and wherein an action is performed on the Java script code such that if there is an electronic mail “
  
  From”
  
  header and if a sender domain exists, the sender domain is inserted into the Java script code; and
  
  delivering said HTML document to a computing device of said end user, whereby said electronic message is modified to include said scripting language code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as recited in claim 1 wherein said step of inserting occurs on a computer located upstream of the end user'"'"'s computing device.
  - 3. A method as recited in claim 2 wherein said computer is a gateway computer.
  - 4. A method as recited in claim 1 wherein said scripting language code is arranged to execute on said computing device used by said end user to view said electronic message.
  - 5. A method as recited in claim 1 further comprising:
    - adding said HTML document as an attachment to said electronic message.
  - 6. A method as recited in claim 1 further comprising:
    - adding other scripting language code to an HTML header of said HTML document.
  - 7. A method as recited in claim 1 wherein said electronic message is an e-mail message or an instant message.
  - 8. A method as recited in claim 1 wherein said step of determining if said electronic message is hostile includes determining if said electronic message is a phishing message.
  - 9. A method as recited in claim 1 wherein said scripting language code is VBScript, JScript, or ECMAScript.
  - 10. A method as recited in claim 1 further comprising:
    - modifying said electronic message based on information contained in a rule base.
  - 11. A method as recited in claim 1 wherein said scripting language code is arranged to counter a phishing scam.
  - 12. A method as recited in claim 1 wherein said step of inserting occurs at an e-mail server associated with a sender of said electronic message, at a server of an ISP used by said sender of said electronic message, at a server of an ISP used by said end user of said electronic message or at an e-mail server associated with said end user.
  - 13. A method as recited in claim 1 wherein said step of inserting occurs on said end user'"'"'s computing device.

14. A method of executing scripting language code contained within an electronic message, said method comprising:
- receiving said electronic message at a computing device of an end user, said electronic message including hostile content and said scripting language code;
  
  receiving an indication from said end user to open said electronic message;
  
  invoking browser software on said computing device of said end user, said browser software capable of executing said scripting language code;
  
  parsing the electronic message to determine whether a message body contains Java script code and transforming the JavaScript code into a comment and parsing the electronic message to determine whether there is an electronic mail “
  
  From”
  
  header in the electronic message and if a sender domain exists, inserting the sender domain into the JavaScript code;
  
  executing said scripting language code on said computing device of said end user;
  
  intercepting a URL request by enumerating one or more HTML elements that are capable of triggering a URL request;
  
  obtaining a JavaScript object that represents one of the one or more HTML elements.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. A method as recited in claim 14 wherein said step of receiving an indication from said end user includes receiving an indication to select said electronic message, to read said electronic message, or to open an attachment of said electronic message.
  - 16. A method as recited in claim 14 further comprising:
    - presenting a warning message in the body of said electronic message warning said end user about said hostile content.
  - 17. A method as recited in claim 14 wherein said scripting language code is included in an attachment to said electronic message.
  - 18. A method as recited in claim 17 wherein said attachment is an HTML document.
  - 19. A method as recited in claim 14 wherein said electronic message is an e-mail message or an instant message.
  - 20. A method as recited in claim 14 wherein said hostile content indicates that said electronic message is a phishing message.
  - 21. A method as recited in claim 14 wherein said scripting language code is VBScript or, JScript, ECMAScript.
  - 22. A method as recited in claim 14 wherein said step of performing an action includes displaying an actual hyperlink, comparing a hyperlink, parsing said HTML document, testing a URL, intercepting a URL request, comparing a sender'"'"'s address domain with an actual URL domain, comparing a displayed URL domain with an actual URL domain, comparing a sending IP address with a sender'"'"'s address domain, or advising said end user.
  - 23. A method as recited in claim 14 wherein said step of performing an action counters a phishing scam.

24. A computer-readable medium comprising computer code for inserting scripting language code into an electronic message, said computer code of said computer-readable medium effecting the following:
- receiving said electronic message that is destined for an end user at an end-user device;
  
  determining if said electronic message is hostile to said end user by scanning said electronic message and parsing said electronic message;
  
  converting the message body of said electronic message into HTML format to form an HTML document having an HTML body and an HTML header so that said electronic message can execute within a browser;
  
  inserting URL-request intercepting scripting language code into the HTML body of said HTML document using an insertion module software that copies said electronic message;
  
  modifying said electronic message according to a rule base, wherein the electronic message is parsed to determine if the message body contains Java script code and transforming the Java script code into a comment and wherein an action is performed on the Java script code such that if there is an electronic mail “
  
  From”
  
  header and if a sender domain exists, the sender domain is inserted into the Java script code; and
  
  delivering said HTML document to a computing device of said end user, whereby said electronic message is modified to include said scripting language code.

25. A computer-readable medium comprising computer code for executing scripting language code contained within an electronic message, said computer code of said computer-readable medium effecting the following:
- receiving said electronic message at a computing device of an end user, said electronic message including hostile content and said scripting language code;
  
  receiving an indication from said end user to open said electronic message;
  
  invoking browser software on said computing device of said end user, said browser software capable of executing said scripting language code;
  
  parsing the electronic message to determine whether a message body contains Java script code and transforming the JavaScript code into a comment and parsing the electronic message to determine whether there is an electronic mail “
  
  From”
  
  header in the electronic message and whether a sender domain exists, inserting the sender domain into the JavaScript code;
  
  executing said scripting language code on said computing device of said end user;
  
  intercepting a URL request by enumerating one or more HTML elements that are capable of triggering a URL request;
  
  obtaining a JavaScript object that represents one of the one or more HTML elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Liao, En-Yi, Liao, Jerry Chinghsien
Primary Examiner(s)
Hong; Stephen S.
Assistant Examiner(s)
Vaughn; Gregory J

Application Number

US10/970,604
Publication Number

US 20060101334A1
Time in Patent Office

1,503 Days
Field of Search

715/500, 715/513, 715/522, 715/524, 715/530, 715/200, 715/234, 715/236, 715/239, 715/248, 715/250, 715/255
US Class Current

715/239
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/606   by securing the transmissio...

G06F 2221/2115   Third party

G06F 40/151   Transformation

G06Q 10/107   Computer-aided management o...

H04L 51/08   Annexed information, e.g. a...

H04L 51/18   Commands or executable codes

H04L 51/212   using filtering or selectiv...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

Controlling hostile electronic mail content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling hostile electronic mail content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links