Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2002-12-17
2009-12-08
Smithers, Matthew B (Department: 2437)
Information security
Monitoring or scanning of software or data including attack...
Reexamination Certificate
active
07631353
ABSTRACT:
Computer-implemented methods, apparati, and computer-readable media for blocking the replication of computer worms in a computer. A method of the present invention comprises the steps of: for an e-mail program installed on the computer, finding the location of a temporary holding area used by the e-mail program for storing and opening e-mail attachments; monitoring the temporary holding area for openings of target programs stored within the temporary holding area; and upon the opening of a target program for execution, implementing a worm mitigation procedure.
REFERENCES:
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5452442 (1995-09-01), Kephart
patent: 5473769 (1995-12-01), Cozza
patent: 5572590 (1996-11-01), Chess
patent: 5696822 (1997-12-01), Nachenberg
patent: 5715174 (1998-02-01), Cotichini et al.
patent: 5715464 (1998-02-01), Crump et al.
patent: 5758359 (1998-05-01), Saxon
patent: 5812763 (1998-09-01), Teng
patent: 5889943 (1999-03-01), Ji et al.
patent: 5951698 (1999-09-01), Chen et al.
patent: 5956481 (1999-09-01), Walsh et al.
patent: 5960170 (1999-09-01), Chen et al.
patent: 5978917 (1999-11-01), Chi
patent: 5987610 (1999-11-01), Franczek et al.
patent: 6052709 (2000-04-01), Paul et al.
patent: 6070244 (2000-05-01), Orchier et al.
patent: 6072830 (2000-06-01), Proctor et al.
patent: 6088803 (2000-07-01), Tso et al.
patent: 6094731 (2000-07-01), Waldin et al.
patent: 6104872 (2000-08-01), Kubota et al.
patent: 6108799 (2000-08-01), Boulay et al.
patent: 6167434 (2000-12-01), Pang
patent: 6192379 (2001-02-01), Bekenn
patent: 6199181 (2001-03-01), Rechef et al.
patent: 6275938 (2001-08-01), Bond et al.
patent: 6338141 (2002-01-01), Wells
patent: 6357008 (2002-03-01), Nachenberg
patent: 6370648 (2002-04-01), Diep
patent: 6493007 (2002-12-01), Pang
patent: 6535891 (2003-03-01), Fisher et al.
patent: 6552814 (2003-04-01), Okimoto et al.
patent: 6611925 (2003-08-01), Spears
patent: 6622150 (2003-09-01), Kouznetsov et al.
patent: 6678734 (2004-01-01), Haatainen et al.
patent: 6697950 (2004-02-01), Ko
patent: 6721721 (2004-04-01), Bates et al.
patent: 6748534 (2004-06-01), Gryaznov et al.
patent: 6763462 (2004-07-01), Marsh
patent: 6813712 (2004-11-01), Luke
patent: 6851057 (2005-02-01), Nachenberg
patent: 6910134 (2005-06-01), Maher et al.
patent: 6981279 (2005-12-01), Arnold et al.
patent: 2002/0004908 (2002-01-01), Galea
patent: 2002/0035696 (2002-03-01), Thacker
patent: 2002/0046275 (2002-04-01), Crosbie et al.
patent: 2002/0083175 (2002-06-01), Afek et al.
patent: 2002/0091940 (2002-07-01), Welborn et al.
patent: 2002/0157008 (2002-10-01), Radatti
patent: 2002/0162015 (2002-10-01), Tang
patent: 2002/0178374 (2002-11-01), Swimmer et al.
patent: 2002/0199120 (2002-12-01), Schmidt
patent: 2003/0023865 (2003-01-01), Cowie et al.
patent: 2003/0051026 (2003-03-01), Carter et al.
patent: 2003/0065926 (2003-04-01), Schultz et al.
patent: 2003/0115485 (2003-06-01), Milliken
patent: 2003/0120951 (2003-06-01), Gartside et al.
patent: 2003/0126449 (2003-07-01), Kelly et al.
patent: 2003/0140049 (2003-07-01), Radatti
patent: 2003/0191966 (2003-10-01), Gleichauf
patent: 2003/0212902 (2003-11-01), van der Made
patent: 2003/0236995 (2003-12-01), Fretwell, Jr.
patent: 2004/0015712 (2004-01-01), Szor
patent: 2004/0015726 (2004-01-01), Szor
patent: 2004/0030913 (2004-02-01), Liang et al.
patent: 2004/0158730 (2004-08-01), Sarkar
patent: 2004/0162808 (2004-08-01), Margolus et al.
patent: 2004/0181687 (2004-09-01), Nachenberg et al.
patent: 2005/0021740 (2005-01-01), Bar et al.
patent: 2005/0044406 (2005-02-01), Stute
patent: 2005/0132205 (2005-06-01), Palliyil et al.
patent: 2005/0177736 (2005-08-01), De los Santos et al.
patent: 2005/0204150 (2005-09-01), Peikari
patent: 2006/0064755 (2006-03-01), Azadet et al.
patent: 1 280 039 (2003-01-01), None
patent: 2 364 142 (2002-01-01), None
patent: WO 97/39399 (1997-10-01), None
patent: WO 01/91403 (2001-11-01), None
patent: WO 02/05072 (2002-01-01), None
Symantec Corporation “Norton AntiVirus Corporation Edition 7.0” Manual, 1999, Version 1, 44 pages.
Toth, et al “Connection-history based anomaly detection” Proceedings of the 2002 IEEE Workshop on Information Assurance and Security. West Point, NY, Jun. 17-19, 2002. pp. 30-35.
Kephart, Jeffrey et al., “An Immune System For Cyberspace” IBM Thomas J. Watson Research Center, IEEE 1997, pp. 879-884.
Parkhouse, Jayne, “Pelican SafeTNet 2.0”, [online] Jun. 2000, SC Magazine Product Review, [retrieved Dec. 1, 2003] Retrieved from the Internet: <URL: http://www.scmagazine.com/standalone/pelican/sc—pelican.html>.
Szor, P. and Ferrie, P., “Hunting for Metamorphic”, Virus Bulletin Conference, Sep. 2001, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 123-144.
“News Release—Symantec Delivers Cutting-Edge Anti-Virus Technology with Striker32”, Oct. 1, 1999, 2 pages, [online]. Retrieved on Nov. 11, 2003. Retrieved from the Internet <URL:http://www.symantec.com/press/1999
991001.html>. Author unknown.
Szor, P. and Ferrie, P., Attacks on Win32, Virus Bulletin Conference, Sep. 1998, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 57-84.
Szor, P. and Ferrie, P., “Attacks in Win32 Part II”, Virus Bulletin Conference, Sep. 2000, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 47-68.
Delio, M., “Virus Throttle a Hopeful Defense”, Wired News, Dec. 9, 2002, retrieved from Internet Http://www.wired.com
ews/print/0,1294,56753,00.html Jan. 7, 2003.
“System File Protection and Windows ME”, [online], last updated Dec. 4, 2001, [retrieved on Apr. 9, 2002] Retrieved from the Internet: <URL: http://www.Microsoft.com/hwdev/archive/sfp/winME—sfpP.asp>.
“Description of Windows 2000 Windows File Protection Feature (Q222193)”, [online], first published May 26, 1999, last modified Jan. 12, 2002, [retrieved on Apr. 9, 2002] Retrieved from the Internet <URL: http://support.microsoft.com/default.aspx?scid=kb:EN-US;q222193>.
“Software: Windows ME; Windows ME and System File Protection”, [online] last updated Mar. 11, 2002, [retrieved on Apr. 9, 2002] Retrieved from the Internet: <URL: http//www.wackyb.co.nz/mesfp.html>.
Szor, P., “Memory Scanning Under Windows NT”, Virus Bulletin Conference, Sep. 1999, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-22.
U.S. Appl. No. 10/255,658, filed Sep. 25, 2002, Szor.
Bakos et al., “Early Detection of Internet Work Activity by Metering ICMP Destination Unreachable Activity.”, Proc. Of SPIE Conference on Sensors, and Command, Control, Communications and Intelligence, Orlando, Apr. 2002.
Kennedy Mark
Renert Charles
Fenwick & West LLP
Khoshnoodi Nadia
Smithers Matthew B
Symantec Corporation
LandOfFree
Blocking replication of e-mail worms does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Blocking replication of e-mail worms, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Blocking replication of e-mail worms will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4101340