Systems and methods for distributing spam signatures

US 8,458,268 B1
Filed: 02/22/2010
Issued: 06/04/2013
Est. Priority Date: 02/22/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for distributing spam signatures, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying a set of spam emails;

identifying a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails;

identifying at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails;

receiving, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures;

in response to the request to pre-fetch spam signatures, creating a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein creating the set of recipient-specific spam signatures comprises;

identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list;

determining that the subset of clients have received an additional spam email;

including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures;

transmitting the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures, wherein;

at least one of the identifying, receiving, creating, and transmitting steps are performed by the computing device comprising the at least one processor.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for distributing spam signatures may include identifying a set of spam e-mails. The computer-implemented method may also include identifying a plurality of clients, each client in the plurality of clients having received at least one e-mail in the set of spam e-mails. The computer-implemented method may further include identifying at least one mailing list by identifying at least one group of clients within the plurality of clients that have received a subset of the set of spam e-mails. The computer-implemented method may additionally include identifying at least one additional spam e-mail sent via the mailing list. The computer-implemented method may also include transmitting information identifying the additional spam e-mail to at least one client on the mailing list. Various other methods, systems, and computer-readable media are also disclosed.

Citations

19 Claims

1. A computer-implemented method for distributing spam signatures, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a set of spam emails;
  
  identifying a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails;
  
  identifying at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails;
  
  receiving, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures;
  
  in response to the request to pre-fetch spam signatures, creating a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein creating the set of recipient-specific spam signatures comprises;
  
  identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list;
  
  determining that the subset of clients have received an additional spam email;
  
  including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures;
  
  transmitting the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures, wherein;
  
  at least one of the identifying, receiving, creating, and transmitting steps are performed by the computing device comprising the at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein identifying the subset of clients comprises randomly selecting clients from the plurality of clients.
  - 3. The computer-implemented method of claim 1, wherein the subset of clients comprises at least one honeypot client, the honeypot client comprising an email address created for the sole purpose of receiving spam emails.
  - 4. The computer-implemented method of claim 1, wherein each client in the subset of clients, other than the client prefetching spam signatures, comprises a honeypot client created for the sole purpose of receiving spam emails.
  - 5. The computer-implemented method of claim 1, wherein creating a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list comprises:
    - determining when the client last requested information identifying spam;
      
      determining that the set of spam emails were associated with the at least one probable mailing list after the client last requested information identifying spam.
  - 6. The computer-implemented method of claim 1, wherein receiving the request to pre-fetch spam signatures comprising transmitting information identifying another spam email received at the client.
  - 7. The computer-implemented method of claim 1, wherein the client sends the request to pre-fetch spam signatures in response to an email program on the client opening.
  - 8. The computer-implemented method of claim 1, wherein the client sends the request to pre-fetch spam signatures in response to an email program on the client attempting to fetch new emails.

9. A system for distributing spam signatures, the system comprising:
- an identification module programmed to;
  
  identify a set of spam emails;
  
  identify a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails;
  
  an association module programmed to;
  
  identify at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails;
  
  receive, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures;
  
  in response to the request to pre-fetch spam signatures, create a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein the association module is programmed to create the set of recipient-specific spam signatures by;
  
  identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list;
  
  determining that the subset of clients have received an additional spam email;
  
  including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures;
  
  a transmission module programmed to transmit the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures;
  
  at least one processor configured to execute the identification module, the association module, and the transmission module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, wherein the request to pre-fetch spam signatures comprises a request for information about new or additional spam emails sent via one or more mailing lists of which the client is a member.
  - 11. The system of claim 9, wherein:
    - the association module is programmed to determine the client belongs to a plurality of mailing lists;
      
      determining that the client belongs to a plurality of mailing lists comprises identifying the at least one probable mailing list.
  - 12. The system of claim 11, wherein the association module is programmed to create the set of recipient-specific spam signatures specific to the client by:
    - identifying a subset of clients for each of the plurality of mailing lists;
      
      examining a union of the subset of clients;
      
      identifying the set of spam emails by identifying spam emails received by clients in the union.
  - 13. The system of claim 9, wherein the association module is programmed to identify the set of spam emails sent to one or more additional clients on the at least one probable mailing list by, for each additional email in the set of spam emails, determining that a predetermined proportion of the one or more additional clients on the at least one probable mailing list received the additional email.
  - 14. The system of claim 9, wherein the transmission module is programmed to transmit the set of recipient-specific spam signatures to the client by:
    - determining when the client last requested information identifying spam;
      
      determining that the set of spam emails was associated with the at least one probable mailing list after the client last requested information identifying spam.
  - 15. The system of claim 9, wherein the association module is programmed to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails by randomly selecting a subset of clients that belong to the at least one probable mailing list.
  - 16. The system of claim 9, wherein the at least one probable mailing list comprises a plurality of clients that are likely to be targets of a common set or class of communications from a common source.
  - 17. The system of claim 9, wherein the association module is programmed to analyze email patterns in information received from the plurality of clients by identifying one or more groups of clients that received substantially similar or equivalent emails messages within a certain time period.

18. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a set of spam emails;
  
  identify a plurality of clients, each client in the plurality of clients having received at least one email in the set of spam emails;
  
  identify at least one probable mailing list by analyzing email patterns in information received from the plurality of clients to identify at least one group of clients within the plurality of clients that have received a subset of the set of spam emails;
  
  receive, from a client on the at least one probable mailing list, a request to pre-fetch spam signatures;
  
  in response to the request to pre-fetch spam signatures, create a set of recipient-specific spam signatures specific to the client by identifying a set of spam emails sent to one or more additional clients on the at least one probable mailing list, wherein creating the set of recipient-specific spam signatures comprises;
  
  identifying a subset of clients in the plurality of clients that belong to the at least one probable mailing list;
  
  determining that the subset of clients have received an additional spam email;
  
  including the additional spam email in the set of spam emails such that a signature of the additional spam email is included in the set of recipient-specific spam signatures;
  
  transmit the set of recipient-specific spam signatures to the client such that the client is enabled to filter spam messages sent to the one or more additional clients and skip making individual queries for emails identified within the set of recipient-specific spam signatures.
- View Dependent Claims (19)
- - 19. The non-transitory computer-readable-storage medium of claim 18, wherein the one or more computer-executable instructions that are further programmed to cause the computing device to revise the at least one probable mailing list as new reports of spam emails are received from the plurality of clients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Cooley, Shaun
Primary Examiner(s)
BURGESS, BARBARA N

Application Number

US12/710,056
Time in Patent Office

1,198 Days
Field of Search

709/203, 709/206, 709/207, 709/223, 709/224, 709/225
US Class Current

709/206
CPC Class Codes

G06Q 10/107 Computer-aided management o...

H04L 51/212 using filtering or selectiv...

Systems and methods for distributing spam signatures

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for distributing spam signatures

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links