Blocking replication of e-mail worms
First Claim
1. A computer-implemented method for blocking the replication of computer worms in a computer, said method comprising the steps of:
- for an e-mail program installed on the computer, finding the location of a temporary holding area used by the e-mail program for storing and opening e-mail attachments, the email attachments comprising target programs;
- monitoring the temporary holding area for openings of target programs stored within the temporary holding area;
- implementing a worm mitigation procedure when a target program is opened for execution and prior to detection of a worm in the target program, wherein the worm mitigation procedure comprises preventing the target program from accessing port 25; and
- when the target program attempts to access port 25:
  - alerting a user of the computer; and
  - executing a false positive mitigation procedure, wherein the target program is allowed to access port 25 when a false positive is found.
2 Assignments
0 Petitions
Abstract
Computer-implemented methods, apparati, and computer-readable media for blocking the replication of computer worms in a computer. A method of the present invention comprises the steps of: for an e-mail program installed on the computer, finding the location of a temporary holding area used by the e-mail program for storing and opening e-mail attachments; monitoring the temporary holding area for openings of target programs stored within the temporary holding area; and upon the opening of a target program for execution, implementing a worm mitigation procedure.
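The decision flow of claim 1 and the abstract, sketched as an added example that is not taken from the patent or any product: programs opened for execution from the holding area are watched without any worm scan, their attempts to reach port 25 raise an alert, and access is granted only when the false positive check clears them. The class name, the `confirm_false_positive` hook, the event method names and the sample paths are assumptions; the holding area is taken as already located and image paths as already canonical.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Callable

SMTP_PORT = 25  # the port named in the claims


@dataclass
class WormMitigator:
    holding_area: str                              # attachment temp directory (assumed already located)
    confirm_false_positive: Callable[[int], bool]  # hypothetical hook: True = user vouches for the program
    watched: set = field(default_factory=set)      # PIDs opened for execution from the holding area
    allowed: set = field(default_factory=set)      # PIDs cleared as false positives
    alerts: list = field(default_factory=list)     # messages shown to the user

    def on_open_for_execution(self, pid: int, image_path: str) -> bool:
        """File-open event: start watching programs launched from the holding area."""
        # Paths are assumed canonical (no '..'); Windows paths compare case-insensitively.
        if PureWindowsPath(self.holding_area) in PureWindowsPath(image_path).parents:
            self.watched.add(pid)
            return True
        return False

    def on_connect(self, pid: int, port: int) -> bool:
        """Outbound-connection event: return True to permit, False to block."""
        if pid not in self.watched or port != SMTP_PORT or pid in self.allowed:
            return True
        self.alerts.append(f"pid {pid} from the attachment holding area tried port {SMTP_PORT}")
        if self.confirm_false_positive(pid):       # false positive mitigation
            self.allowed.add(pid)
            return True
        return False


def demo():
    # Constructed sample events; the directory and file names are made up.
    m = WormMitigator(r"C:\Users\alice\AppData\Local\Temp\MailAttach",
                      confirm_false_positive=lambda pid: pid == 300)
    m.on_open_for_execution(100, r"c:\users\alice\appdata\local\temp\mailattach\invoice.exe")
    m.on_open_for_execution(200, r"C:\Program Files\Mail\client.exe")
    m.on_open_for_execution(300, r"C:\Users\alice\AppData\Local\Temp\MailAttach\mailer.exe")
    decisions = [m.on_connect(100, 80), m.on_connect(100, 25), m.on_connect(200, 25),
                 m.on_connect(300, 25), m.on_connect(300, 25)]
    return decisions, len(m.alerts)
```

Only port 25 is gated, so the watched program's connection to port 80 passes; a program cleared once as a false positive is not alerted on again.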
76 Citations
24 Claims
1. A computer-implemented method for blocking the replication of computer worms in a computer, said method comprising the steps of:
- for an e-mail program installed on the computer, finding the location of a temporary holding area used by the e-mail program for storing and opening e-mail attachments, the email attachments comprising target programs;
- monitoring the temporary holding area for openings of target programs stored within the temporary holding area;
- implementing a worm mitigation procedure when a target program is opened for execution and prior to detection of a worm in the target program, wherein the worm mitigation procedure comprises preventing the target program from accessing port 25; and
- when the target program attempts to access port 25:
  - alerting a user of the computer; and
  - executing a false positive mitigation procedure, wherein the target program is allowed to access port 25 when a false positive is found.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. An apparatus for blocking the replication of computer worms in a computer, said apparatus comprising:
- means for finding a temporary holding area used for storing and opening e-mail attachments by an e-mail program installed on the computer, the email attachments comprising target programs;
- coupled to the temporary holding area, a file system filter driver adapted to monitor openings of target programs stored within the temporary holding area; and
- coupled to the file system filter driver, a worm mitigation module adapted to:
  - execute a worm mitigation procedure when a target program is opened for execution prior to detection of a worm in the target program, wherein the worm mitigation procedure comprises preventing the target program from accessing port 25; and
  - when the target program attempts to access port 25:
    - alert a user of the computer; and
    - execute a false positive mitigation procedure, wherein the target program is allowed to access port 25 when a false positive is found.

Dependent claims: 17

18. A computer-readable storage medium storing computer program instructions for blocking the replication of computer worms in a computer, said computer program instructions performing the steps of:
- for an e-mail program installed in memory on the computer, finding the location of a temporary holding area in memory on the computer used by the e-mail program for storing and opening e-mail attachments, the email attachments comprising target programs;
- monitoring the temporary holding area for openings of target programs stored within the temporary holding area;
- implementing a worm mitigation procedure when the target program opens itself for execution and prior to detection of a worm in the target program, wherein the worm mitigation procedure comprises preventing the target program from accessing port 25; and
- when the target program attempts to access port 25:
  - alerting a user of the computer; and
  - executing a false positive mitigation procedure, wherein the target program is allowed to access port 25 when a false positive is found.

Dependent claims: 19, 20, 21, 22, 23, 24
Specification