System, method, and computer program product for providing a rating of an electronic message
First Claim
Patent Images
1. A method, comprising:
- receiving an electronic message intended for a recipient;
processing the electronic message;
determining a fingerprint for one or more portions of the electronic message;
comparing the fingerprint with a plurality of predetermined fingerprints that are stored in a database and that are associated with known unwanted data, known unsolicited data, a plurality of uniform resource locators (URLs), and a plurality of known harmful macro-instructions to be executed on a computer, wherein each of the plurality of predetermined fingerprints is assigned a predetermined rating within a predetermined scale indicative of a severity of risk of accessing electronic message content,wherein the severity of risk indicated by the predetermined rating assigned to each of the plurality of predetermined fingerprints is based upon whether the predetermined fingerprint is associated with known unwanted data, known unsolicited data, a URL, or a known harmful macro-instruction; and
providing a rating for the electronic message if the fingerprint matches at least one of the plurality of predetermined fingerprints, the rating being based upon the predetermined rating assigned to the matching at least one predetermined fingerprint, wherein the rating is provided in conjunction with an icon that indicates whether the electronic message includes the unwanted data, and wherein a different icon is provided to indicate a presence of non-malicious data in the electronic message;
wherein the processing of the electronic message is performed in a virtual environment that includes utilizing a virtual machine, opening an attachment of the electronic message in the virtual environment, identifying results of the opening of the attachment within the virtual environment, and analyzing the results of the opening via a behavioral analysis; and
wherein a predetermined rating assigned to a predetermined fingerprint associated with a known harmful macro-instruction indicates a greater severity of risk than a predetermined rating assigned to a predetermined fingerprint associated with a URL.
10 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are included for providing a rating of an electronic message to a recipient. In use, an electronic message intended for a recipient is rated. Additionally, the rating and die electronic message are provided to the recipient.
53 Citations
17 Claims
-
1. A method, comprising:
-
receiving an electronic message intended for a recipient; processing the electronic message; determining a fingerprint for one or more portions of the electronic message; comparing the fingerprint with a plurality of predetermined fingerprints that are stored in a database and that are associated with known unwanted data, known unsolicited data, a plurality of uniform resource locators (URLs), and a plurality of known harmful macro-instructions to be executed on a computer, wherein each of the plurality of predetermined fingerprints is assigned a predetermined rating within a predetermined scale indicative of a severity of risk of accessing electronic message content, wherein the severity of risk indicated by the predetermined rating assigned to each of the plurality of predetermined fingerprints is based upon whether the predetermined fingerprint is associated with known unwanted data, known unsolicited data, a URL, or a known harmful macro-instruction; and providing a rating for the electronic message if the fingerprint matches at least one of the plurality of predetermined fingerprints, the rating being based upon the predetermined rating assigned to the matching at least one predetermined fingerprint, wherein the rating is provided in conjunction with an icon that indicates whether the electronic message includes the unwanted data, and wherein a different icon is provided to indicate a presence of non-malicious data in the electronic message; wherein the processing of the electronic message is performed in a virtual environment that includes utilizing a virtual machine, opening an attachment of the electronic message in the virtual environment, identifying results of the opening of the attachment within the virtual environment, and analyzing the results of the opening via a behavioral analysis; and wherein a predetermined rating assigned to a predetermined fingerprint associated with a known harmful macro-instruction indicates a greater severity of risk than a predetermined rating assigned to a predetermined fingerprint associated with a URL. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer program product embodied on a tangible non-transitory computer readable medium for performing operations on a computer, the operations comprising:
-
receiving an electronic message intended for a recipient; processing the electronic message; determining a fingerprint for one or more portions of the electronic message; comparing the fingerprint with a plurality of predetermined fingerprints that are stored in a database and that are associated with known unwanted data, known unsolicited data, a plurality of uniform resource locators (URLs), and a plurality of known harmful macro-instructions to be executed on a particular computer, wherein each of the plurality of predetermined fingerprints is assigned a predetermined rating within a predetermined scale indicative of a severity of risk of accessing electronic message content, wherein the severity of risk indicated by the predetermined rating assigned to each of the plurality of predetermined fingerprints is based upon whether the predetermined fingerprint is associated with known unwanted data, known unsolicited data, a URL, or a known harmful macro-instruction; and providing a rating for the electronic message if the fingerprint matches at least one of the plurality of predetermined fingerprints, the rating being based upon the predetermined rating assigned to the matching at least one predetermined fingerprint, wherein the rating is provided in conjunction with an icon that indicates whether the electronic message includes unwanted data, and wherein a different icon is provided to indicate a presence of non-malicious data in the electronic message; wherein the processing of the electronic message is performed in a virtual environment that includes utilizing a virtual machine, opening an attachment of the electronic message in the virtual environment, identifying results of the opening of the attachment within the virtual environment, and analyzing the results of the opening via a behavioral analysis; and wherein a predetermined rating assigned to a predetermined fingerprint associated with a known harmful macro-instruction indicates a greater severity of risk than a predetermined rating assigned to a predetermined fingerprint associated with a URL.
-
-
16. A system, comprising:
-
a processor; and a memory coupled to the processor, wherein the system is configured for; receiving an electronic message intended for a recipient; processing the electronic message by the processor; determining a fingerprint for one or more portions of the electronic message; comparing the fingerprint with a plurality of predetermined fingerprints that are stored in a database and that are associated with known unwanted data, known unsolicited data, a plurality of uniform resource locators (URLs), and a plurality of known harmful macro-instructions to be executed on a computer, wherein each of the plurality of predetermined fingerprints is assigned a predetermined rating within a predetermined scale indicative of a severity of risk of accessing electronic message content, wherein the severity of risk indicated by the predetermined rating assigned to each of the plurality of predetermined fingerprints is based upon whether the predetermined fingerprint is associated with known unwanted data, known unsolicited data, a URL, or a known harmful macro-instruction, and providing a rating for the electronic message if the fingerprint matches at least one of the plurality of predetermined fingerprints, the rating being based upon the predetermined rating assigned to the matching at least one predetermined fingerprint, wherein the rating is provided in conjunction with an icon that indicates whether the electronic message includes unwanted data, and wherein a different icon is provided to indicate a presence of non-malicious data in the electronic message; wherein the processing of the electronic message is performed in a virtual environment that includes utilizing a virtual machine, opening an attachment of the electronic message in the virtual environment, identifying results of the opening of the attachment within the virtual environment, and analyzing the results of the opening via a behavioral analysis; and wherein a predetermined rating assigned to a predetermined fingerprint associated with a known harmful macro-instruction indicates a greater severity of risk than a predetermined rating assigned to a predetermined fingerprint associated with a URL. - View Dependent Claims (17)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeMcAfee, Inc. (McAfee, LLC)
-
InventorsYadava, Amit Kumar, Mathur, Asheesh Dayal
-
Primary Examiner(s)Donabed, Ninos
-
Application NumberUS11/968,983Publication NumberTime in Patent Office2,238 DaysField of Search709/206US Class Current709/206CPC Class CodesG06Q 10/107 Computer-aided management o...H04L 63/145 the attack involving the pr...
