Detecting and processing suspicious network communications
First Claim
1. A method, comprising:
- determining that a received network communication is classified by anti-contagion software as infected;
extracting first routing information from the received network communication;
determining whether second routing information from a prior network communication received previously matches the first routing information; and
sending a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match.
7 Assignments
0 Petitions
Accused Products
Abstract
Analyzing routing information to identify and intercept unauthorized, unwanted, and/or otherwise malicious communications is disclosed. In some embodiments, routing information associated with a message currently being processed is checked against corresponding information associated with a message from the same source that was processed previously. In some embodiments, a message processing system that handled and/or otherwise has access to routing information for both messages performs the check, such as a network messaging and/or access service provider with which the sender is associated, performs the check. If the routing information for the current message does not match the corresponding information observed in the previous message, responsive action is taken. Using routing information to determine whether a source of an infected message should be notified is disclosed. In some embodiments, if routing information for a prior message from the source of an infected message is similar to corresponding information for the infected message, the source is notified.
39 Citations
18 Claims
-
1. A method, comprising:
-
determining that a received network communication is classified by anti-contagion software as infected; extracting first routing information from the received network communication; determining whether second routing information from a prior network communication received previously matches the first routing information; and sending a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system, comprising:
-
a hardware processor configured to; determine that a received network communication is classified by anti-contagion software as infected; extract first routing information from the received network communication; determine whether second routing information from a prior network communication received previously matches the first routing information; and send a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match; and a memory coupled to the hardware processor and configured to provide instructions to the processor. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer program product, embodied in a non-transitory computer readable medium and comprising computer instructions for:
-
determining that a received network communication is classified by anti-contagion software as infected; extracting first routing information from the received network communication; determining whether second routing information from a prior network communication received previously matches the first routing information; and sending a notification that the received network communication was classified as infected, wherein the notification is sent to a recipient selected from the group consisting of a sender associated with the prior network communication and a third party, wherein the third party is not a sender of the prior network communication and wherein the third party is not a sender of the received network communication, wherein the recipient is selected as the sender associated with the prior network communication if it is determined that the first routing information and the second routing information match, and wherein the recipient is selected as the third party if it is not determined that the first routing information and the second routing information match. - View Dependent Claims (16, 17, 18)
-
Specification