System, method, and computer program product for reacting based on a frequency in which a compromised source communicates unsolicited electronic messages

US 8,504,622 B1
Filed: 11/05/2007
Issued: 08/06/2013
Est. Priority Date: 11/05/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying a source of at least two unsolicited electronic messages as compromised, wherein the source is identified as compromised based, at least, on a speed of a network connection associated with an Internet protocol (IP) address of the source, which communicated the at least two unsolicited electronic messages;

determining whether the network connection being used by the source is associated with a cable network connection, a digital subscriber line (DSL) network connection, or a dial-up network connection;

wherein a source is not identified as being compromised if the network connection is associated with a dial-up network connection;

calculating a frequency in which the source communicated the unsolicited electronic messages; and

reacting based on the calculated frequency, wherein the reacting includes displaying an image of a world map reflecting a location associated with the source.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for reacting based on a frequency in which a compromised source communicates unsolicited electronic messages. In use, a source of at least two unsolicited electronic messages is identified as compromised. Additionally, a frequency in which the source communicated the unsolicited electronic messages is calculated. Furthermore, a reaction is performed based on the calculated frequency.

48 Citations

View as Search Results

21 Claims

1. A method, comprising:
- identifying a source of at least two unsolicited electronic messages as compromised, wherein the source is identified as compromised based, at least, on a speed of a network connection associated with an Internet protocol (IP) address of the source, which communicated the at least two unsolicited electronic messages;
  
  determining whether the network connection being used by the source is associated with a cable network connection, a digital subscriber line (DSL) network connection, or a dial-up network connection;
  
  wherein a source is not identified as being compromised if the network connection is associated with a dial-up network connection;
  
  calculating a frequency in which the source communicated the unsolicited electronic messages; and
  
  reacting based on the calculated frequency, wherein the reacting includes displaying an image of a world map reflecting a location associated with the source.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 21)
- - 2. The method as set forth in claim 1, wherein the source includes a zombie computer.
  - 3. The method as set forth in claim 1, wherein the identifying includes determining a speed of a network connection used by the source.
  - 4. The method as set forth in claim 1, wherein the identifying includes comparing a speed of a network connection used by the source against a threshold.
  - 5. The method as set forth in claim 4, wherein the source is identified as compromised if the speed of the network connection exceeds the threshold.
  - 6. The method as set forth in claim 1, wherein the reacting includes alerting an internet service provider (ISP) that hosts the source.
  - 7. The method as set forth in claim 1, wherein the reacting includes displaying an amount of unsolicited electronic messages sent by the source.
  - 8. The method as set forth in claim 1, wherein the reacting includes displaying a name of the source.
  - 9. The method as set forth in claim 1, wherein the reacting includes displaying an internet service provider (ISP) for the source.
  - 10. The method as set forth in claim 1, wherein the reacting includes displaying the frequency in which the source communicated the unsolicited electronic messages.
  - 11. The method as set forth in claim 1, wherein the world map includes markings designating an amount of compromised sources at particular locations.
  - 12. The method as set forth in claim 1, further comprising retrieving the unsolicited electronic messages using one or more traps.
  - 13. The method as set forth in claim 1, further comprising storing the unsolicited electronic messages in a database.
  - 14. The method as set forth in claim 13, further comprising forwarding the unsolicited electronic messages from the database to a mail parser.
  - 15. The method as set forth in claim 14, further comprising parsing the unsolicited electronic messages utilizing the mail parser.
  - 16. The method as set forth in claim 1, wherein calculating the frequency includes determining a time difference between receipt of one of the unsolicited electronic messages and receipt of a subsequent one of the unsolicited electronic messages.
  - 17. The method as set forth in claim 1, further comprising recording a time that the unsolicited electronic messages are received.
  - 21. The method as set forth in claim 3, wherein the speed of the network connection is determined using an internet protocol (IP) netspeed database.

18. A computer program product embodied on a tangible non-transitory computer readable medium, comprising:
- computer code for identifying a source of at least two unsolicited electronic messages as compromised, wherein the source is identified as compromised based, at least, on a speed of a network connection associated with an Internet protocol (IP) address of the source, which communicated the at least two unsolicited electronic messages;
  
  determining whether the network connection being used by the source is associated with a cable network connection, a digital subscriber line (DSL) network connection, or a dial-up network connection;
  
  wherein a source is not identified as being compromised if the network connection is associated with a dial-up network connection;
  
  computer code for calculating a frequency in which the source communicated the unsolicited electronic messages; and
  
  computer code for reacting based on the calculated frequency, wherein the reacting includes displaying an image of a world map reflecting a location associated with the source.

19. A system, comprising:
- a processor coupled to a memory and operable to cooperate such that the system can exchange information in a network, the system being configured for;
  
  identifying a source of at least two unsolicited electronic messages as compromised, wherein the source is identified as compromised based, at least, on a speed of a network connection associated with an Internet protocol (IP) address of the source, which communicated the at least two unsolicited electronic messages;
  
  determining whether the network connection being used by the source is associated with a cable network connection, a digital subscriber line (DSL) network connection, or a dial-up network connection;
  
  wherein a source is not identified as being compromised if the network connection is associated with a dial-up network connection;
  
  calculating a frequency in which the source communicated the unsolicited electronic messages, and reacting based on the calculated frequency, wherein the reacting includes displaying an image of a world map reflecting a location associated with the source.
- View Dependent Claims (20)
- - 20. The system as set forth in claim 19, wherein the memory is coupled to the processor via a bus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Roberts, Guy William Welch, Sargent, John, Mariswamy, Hariprasad, Barton, Christopher, Kelly, Nick P., Umashankar, Karthik, Walker, Paul D.
Primary Examiner(s)
Emmanuel, Moise
Assistant Examiner(s)
Ashraf, Waseem

Application Number

US11/935,185
Time in Patent Office

2,101 Days
Field of Search

709/206
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

H04L 63/1425 Traffic logging, e.g. anoma...

System, method, and computer program product for reacting based on a frequency in which a compromised source communicates unsolicited electronic messages

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System, method, and computer program product for reacting based on a frequency in which a compromised source communicates unsolicited electronic messages

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others