Method and system for detecting blocking and removing spyware
First Claim
1. A method for detecting spyware activity in a system including a user'"'"'s computer connected to gateway server via a local area network (LAN), the method comprising:
- monitoring, by the gateway server connected to the user'"'"'s computer via the LAN, outgoing communication data sent from the user'"'"'s computer to the Internet via the gateway server;
searching, by the gateway server for at least one bait keyword within said communication data; and
indicating, by the gateway server, spyware activity in the user'"'"'s computer by presence of at least one of said bait keyword within said communication data; and
in response to said indicated spyware activity, automatically blocking, by the gateway server, said outgoing communication data by preventing a forwarding of said outgoing data sent by spyware of the indicated activity to its destination.
6 Assignments
0 Petitions
Accused Products
Abstract
In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user'"'"'s computer; searching for predefined keywords within the communication data; indicating spyware activity in the user'"'"'s computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user'"'"'s computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user'"'"'s computer, at the gateway to which the user'"'"'s computer is connected, etc.
-
Citations
18 Claims
-
1. A method for detecting spyware activity in a system including a user'"'"'s computer connected to gateway server via a local area network (LAN), the method comprising:
-
monitoring, by the gateway server connected to the user'"'"'s computer via the LAN, outgoing communication data sent from the user'"'"'s computer to the Internet via the gateway server; searching, by the gateway server for at least one bait keyword within said communication data; and indicating, by the gateway server, spyware activity in the user'"'"'s computer by presence of at least one of said bait keyword within said communication data; and in response to said indicated spyware activity, automatically blocking, by the gateway server, said outgoing communication data by preventing a forwarding of said outgoing data sent by spyware of the indicated activity to its destination. - View Dependent Claims (2, 3, 4)
-
-
5. A system for detecting spyware activity, the system comprising:
-
means for monitoring outgoing communication data sent from a user'"'"'s computer to the Internet via a gateway server, said monitoring means being located at said gateway server; means for searching at least one bait keyword within said communication data; means for indicating spyware activity in said user'"'"'s computer by presence of at least one of said bait keyword within said communication data, and at least one of; i) blocking means for blocking communication from said computer upon detecting a spyware activity in said user'"'"'s computer by preventing forwarding of said communication data to a destination thereof and ii) removing means for removing said spyware upon detecting said spyware activity in said user'"'"'s computer. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A method for detecting spyware activity in a system including a user'"'"'s computer connected to a gateway sewer via a local area network (LAN), the method comprising:
-
monitoring, by the gateway server, ongoing communication data sent from the user'"'"'s computer to the Internet via the gateway server; searching, by the gateway server for at least one bait keyword within said communication data; and in response to a presence of at least one said bait keyword within said communication data as determined by said searching, automatically removing spyware by the gateway server from the user'"'"'s computer. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method for detecting spyware activity in a system including a user'"'"'s computer connected to gateway server via a local area network (LAN), the method comprising:
-
monitoring, by the gateway server connected to the user'"'"'s computer via the LAN, outgoing communication data sent from the user'"'"'s computer to the Internet via the gateway server; searching, by the gateway server for at least one keyword, other than a resource identifier, within a packet header identifier field of said communication data; and indicating, by the gateway server, spyware activity in the user'"'"'s computer by presence of at least one of said keyword within said packet header identifier field of said communication data; and in response to said indicated spyware activity, automatically blocking, by the gateway server, said outgoing communication data by preventing a forwarding of said outgoing data sent by spyware of the indicated activity to its destination.
-
-
17. A system for detecting spyware activity, the system comprising:
-
means for monitoring outgoing communication data sent from a user s computer to the Internet via a gateway server, said monitoring means being located at said gateway server; means for searching at least one keyword, other than a resource identifier, within a packet header identifier field of said communication data; means for indicating spyware activity in said user'"'"'s computer by presence of at least one of said keyword within saidpacket header identifier field of said communication data, and at least one of; i) blocking means for blocking communication from said computer upon detecting a spyware activity in said user'"'"'s computer by preventing forwarding of said communication data to a destination thereof and ii) removing means for removing said spyware upon detecting said spyware activity in said user'"'"'s computer.
-
-
18. A method for detecting spyware activity in a system including a user'"'"'s computer connected to a gateway server via a local area network (LAN), the method comprising:
-
monitoring, by the gateway server, ongoing communication data sent from the user'"'"'s computer to the Internet via the gateway server; searching, by the gateway server for at least one keyword, other than a resource identifier, within a packet header identifier field of said communication data; and in response to a presence of at least one said keyword within said packet header identifier field of said communication data as determined by said searching, automatically removing spyware by the gateway server from the user'"'"'s computer.
-
Specification