Using domain name service resolution queries to combat spyware
Abstract
An anti-spyware manager uses domain name service resolution queries to combat spyware. The anti-spyware manager maintains a list of domain names associated with spyware, monitors domain name service queries, and detects queries on domain names on the list. Responsive to detecting a domain name service query on a domain name associated with spyware, the anti-spyware manager forces the domain name service query to resolve to an address not associated with the domain name. Because attempts by spyware to communicate with its home server are now routed to the forced address, the spyware is unable to communicate with its home server, and thus can neither steal information nor download updates of itself. Additionally, the anti-spyware manager can identify computers that are infected with spyware and clean or quarantine them.
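The flow the abstract describes, sketched as an added example (not code from the patent): a DNS query is parsed, its name is checked against the list, a listed A query is answered with the designated address, and the querying client is recorded for later cleaning or quarantine. The list entry, the designated address `192.0.2.53`, all function names, and the choice to return an empty answer for other record types on listed names are assumptions made for illustration.

```python
import struct

SPYWARE_DOMAINS = {"spyware-home.example"}   # constructed list entry
DESIGNATED_IP = "192.0.2.53"                 # constructed designated computer (TEST-NET-1)

def parse_qname(packet, offset=12):
    """Read the uncompressed QNAME of the first question; return (name, next_offset)."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_listed(name):
    """True if the name or any of its parent domains is on the list."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in SPYWARE_DOMAINS for i in range(len(parts)))

def handle_query(packet, client_ip, suspects):
    """Return a forced response for a listed name, or None to resolve normally."""
    if len(packet) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:       # ignore responses and unusual queries
        return None
    try:
        name, end = parse_qname(packet)
        qtype, qclass = struct.unpack("!HH", packet[end:end + 4])
    except (IndexError, struct.error, ValueError, UnicodeDecodeError):
        return None                          # malformed question: leave it to the resolver
    if not is_listed(name):
        return None
    suspects.setdefault(client_ip, set()).add(name)  # candidate for cleaning or quarantine
    is_a = (qtype, qclass) == (1, 1)         # only A/IN queries get the forced address
    # Header: QR=1, RD copied from the query, RA=1, one question, zero or one answer
    header = struct.pack("!HHHHHH", txid, 0x8080 | (flags & 0x0100), 1, int(is_a), 0, 0)
    rdata = bytes(int(octet) for octet in DESIGNATED_IP.split("."))
    # Answer: name pointer to offset 12, type A, class IN, TTL 60 s, 4-byte address
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + rdata
    return header + packet[12:end + 4] + (answer if is_a else b"")

def build_query(name, txid=0x1234):
    """Constructed sample input: a standard recursive A query for name."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```
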
23 Claims
1. A computer implemented method for combating spyware, the method comprising:
using a computer to execute method steps, the steps comprising:
maintaining a list of domain names associated with spyware;
monitoring domain name service queries;
detecting a domain name service query on a domain name on the list of domain names associated with spyware; and
responsive to detecting the domain name service query on the domain name on the list of domain names associated with spyware, resolving the domain name service query to an Internet Protocol (IP) address of a designated computer, the IP address of the designated computer being different from an IP address of the domain name in the domain name service query.

16. A non transitory computer readable storage medium containing executable program code for combating spyware, the computer readable medium comprising program codes for:
maintaining a list of domain names associated with spyware;
monitoring domain name service queries;
detecting a domain name service query on a domain name on the list of domain names associated with spyware; and
responsive to detecting the domain name service query on the domain name on the list of domain names associated with spyware, resolving the domain name service query to resolve an Internet Protocol (IP) address of a designated computer, the IP address of the designated computer being different from an IP address of the domain name in the domain name service query.

23. A computer system for combating spyware, the computer system comprising:
a computer readable medium storing executable software portions, comprising:
a software portion configured to maintain a list of domain names associated with spyware;
a software portion configured to monitor domain name service queries;
a software portion configured to detect a domain name service query on a domain name on the list of domain names associated with spyware; and
a software portion configured to resolve the domain name service query to an Internet Protocol (IP) address of a designated computer, the IP address of the designated computer being different from an IP address of the domain name in the domain name service query, responsive to detecting the domain name service query on the domain name on the list of domain names associated with spyware.