Detecting and processing suspicious network communications

US 9,398,037 B1
Filed: 09/27/2005
Issued: 07/19/2016
Est. Priority Date: 09/27/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

determining that a received network communication is classified by anti-contagion software as infected;

extracting first routing information from the received network communication;

determining whether second routing information from a prior network communication received previously matches the first routing information; and

sending a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Analyzing routing information to identify and intercept unauthorized, unwanted, and/or otherwise malicious communications is disclosed. In some embodiments, routing information associated with a message currently being processed is checked against corresponding information associated with a message from the same source that was processed previously. In some embodiments, a message processing system that handled and/or otherwise has access to routing information for both messages performs the check, such as a network messaging and/or access service provider with which the sender is associated, performs the check. If the routing information for the current message does not match the corresponding information observed in the previous message, responsive action is taken. Using routing information to determine whether a source of an infected message should be notified is disclosed. In some embodiments, if routing information for a prior message from the source of an infected message is similar to corresponding information for the infected message, the source is notified.

39 Citations

View as Search Results

18 Claims

1. A method, comprising:
- determining that a received network communication is classified by anti-contagion software as infected;
  
  extracting first routing information from the received network communication;
  
  determining whether second routing information from a prior network communication received previously matches the first routing information; and
  
  sending a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first routing information includes an IP address.
  - 3. The method of claim 1, wherein determining whether the first routing information and the second routing information match includes determining whether the first routing information and the second routing information are associated with the same geographical region.
  - 4. The method of claim 1, wherein the received network communication includes an email message.
  - 5. The method of claim 1, wherein the received network communication includes an instant message.
  - 6. The method of claim 1, wherein the prior network communication includes an email message.
  - 7. The method of claim 1, wherein the network communication is classified as infected because it includes a virus.
  - 8. The method of claim 1, wherein the network communication is classified as infected because it includes a worm.
  - 9. The method of claim 1, wherein the network communication is classified as infected because it includes a Trojan horse.

10. A system, comprising:
- a hardware processor configured to;
  
  determine that a received network communication is classified by anti-contagion software as infected;
  
  extract first routing information from the received network communication;
  
  determine whether second routing information from a prior network communication received previously matches the first routing information; and
  
  send a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match; and
  
  a memory coupled to the hardware processor and configured to provide instructions to the processor.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the first routing information includes an IP address.
  - 12. The system of claim 10, wherein determining whether the first routing information and the second routing information match includes determining whether the first routing information and the second routing information are associated with the same geographical region.
  - 13. The system of claim 10, wherein the received network communication includes an email message.
  - 14. The system of claim 10, wherein the received network communication includes an instant message.

15. A computer program product, embodied in a non-transitory computer readable medium and comprising computer instructions for:
- determining that a received network communication is classified by anti-contagion software as infected;
  
  extracting first routing information from the received network communication;
  
  determining whether second routing information from a prior network communication received previously matches the first routing information; and
  
  sending a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match.
- View Dependent Claims (16, 17, 18)
- - 16. The computer program product of claim 15, wherein the first routing information includes an IP address.
  - 17. The computer program product of claim 15, wherein determining whether the first routing information and the second routing information match includes determining whether the first routing information and the second routing information are associated with the same geographical region.
  - 18. The computer program product of claim 15, wherein the received network communication includes an email message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
K.Mizra LLC
Original Assignee
Radix Holdings, LLC
Inventors
Emigh, Aaron T., Roskind, James A.
Primary Examiner(s)
Weidner, Timothy J

Application Number

US11/237,004
Time in Patent Office

3,948 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 8/65   Updates security arrangemen...

H04L 41/046   comprising network manageme...

H04L 41/082   the condition being updates...

H04L 41/20   Network management software...

H04L 51/222   using geographical location...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Detecting and processing suspicious network communications

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting and processing suspicious network communications

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links