Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2008-05-27
2008-05-27
Moise, Emmanuel L (Department: 2137)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C713S188000
Reexamination Certificate
active
07380277
ABSTRACT:
Computer-implemented methods, systems, and computer-readable media for detecting the presence of malicious computer code in an e-mail sent from a client computer (1) to an e-mail server (2). An embodiment of the inventive method comprises the steps of: interposing (41) an e-mail proxy server (31) between the client computer (1) and the e-mail server (2); allowing (42) the proxy server (31) to intercept e-mails sent from the client computer (1) to the e-mail server (2); enabling (43) the proxy server (31) to determine when a file (30) is attempting to send itself (30) as part of an e-mail; and declaring (44) a suspicion of malicious computer code when the proxy server (31) determines that a file (30) is attempting to send itself (30) as part of an e-mail.
REFERENCES:
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5452442 (1995-09-01), Kephart
patent: 5473769 (1995-12-01), Cozza
patent: 5572590 (1996-11-01), Chess
patent: 5696822 (1997-12-01), Nachenberg
patent: 5715174 (1998-02-01), Cotichini et al.
patent: 5715464 (1998-02-01), Crump et al.
patent: 5758359 (1998-05-01), Saxon
patent: 5812763 (1998-09-01), Teng
patent: 5889943 (1999-03-01), Ji et al.
patent: 5951698 (1999-09-01), Chen et al.
patent: 5956481 (1999-09-01), Walsh et al.
patent: 5960170 (1999-09-01), Chen et al.
patent: 5978917 (1999-11-01), Chi
patent: 5987610 (1999-11-01), Franczek et al.
patent: 6052709 (2000-04-01), Paul et al.
patent: 6070244 (2000-05-01), Orchier et al.
patent: 6072830 (2000-06-01), Proctor et al.
patent: 6088803 (2000-07-01), Tso et al.
patent: 6094731 (2000-07-01), Waldin et al.
patent: 6104872 (2000-08-01), Kubota et al.
patent: 6108799 (2000-08-01), Boulay et al.
patent: 6167434 (2000-12-01), Pang
patent: 6192379 (2001-02-01), Bekenn
patent: 6199181 (2001-03-01), Rechef et al.
patent: 6275938 (2001-08-01), Bond et al.
patent: 6338141 (2002-01-01), Wells
patent: 6357008 (2002-03-01), Nachenberg
patent: 6370648 (2002-04-01), Diep
patent: 6493007 (2002-12-01), Pang
patent: 6535891 (2003-03-01), Fisher et al.
patent: 6552814 (2003-04-01), Okimoto et al.
patent: 6611925 (2003-08-01), Spear
patent: 6622150 (2003-09-01), Kouznetsov et al.
patent: 6678734 (2004-01-01), Haatainen et al.
patent: 6697950 (2004-02-01), Ko
patent: 6721721 (2004-04-01), Bates et al.
patent: 6748534 (2004-06-01), Gryaznov et al.
patent: 6763462 (2004-07-01), Marsh
patent: 6813712 (2004-11-01), Luke
patent: 6851057 (2005-02-01), Nachenberg
patent: 6910134 (2005-06-01), Maher et al.
patent: 2002/0004908 (2002-01-01), Galea
patent: 2002/0035696 (2002-03-01), Thacker
patent: 2002/0046275 (2002-04-01), Crosbie et al.
patent: 2002/0083175 (2002-06-01), Afek et al.
patent: 2002/0091940 (2002-07-01), Wellborn et al.
patent: 2002/0157008 (2002-10-01), Radatti
patent: 2002/0162015 (2002-10-01), Tang
patent: 2002/0178374 (2002-11-01), Swimmer et al.
patent: 2003/0023865 (2003-01-01), Cowie et al.
patent: 2003/0051026 (2003-03-01), Carter et al.
patent: 2003/0065926 (2003-04-01), Schultz et al.
patent: 2003/0115485 (2003-06-01), Milliken
patent: 2003/0120951 (2003-06-01), Gartside et al.
patent: 2003/0126449 (2003-07-01), Kelly et al.
patent: 2003/0140049 (2003-07-01), Radatti
patent: 2003/0191966 (2003-10-01), Gleichauf
patent: 2003/0212902 (2003-11-01), van der Made
patent: 2003/0236995 (2003-12-01), Fretwell, Jr.
patent: 2004/0015712 (2004-01-01), Szor
patent: 2004/0015726 (2004-01-01), Szor
patent: 2004/0030913 (2004-02-01), Liang et al.
patent: 2004/0158730 (2004-08-01), Sarkar
patent: 2004/0162808 (2004-08-01), Margolus et al.
patent: 2004/0181687 (2004-09-01), Nachenberg et al.
patent: 2005/0021740 (2005-01-01), Bar et al.
patent: 2005/0044406 (2005-02-01), Stute
patent: 2005/0132205 (2005-06-01), Palliyil et al.
patent: 2005/0177736 (2005-08-01), De los Santos et al.
patent: 2005/0204150 (2005-09-01), Peikari
patent: 2006/0064755 (2006-03-01), Azadet et al.
patent: 100 21 686 (2001-11-01), None
patent: 1 280 039 (2003-01-01), None
patent: 2 364 142 (2002-01-01), None
patent: WO 97/39399 (1997-10-01), None
patent: WO 01/91403 (2001-11-01), None
patent: WO 02/05072 (2002-01-01), None
Szor, P. and Ferrie, P., Attacks on Win32, Virus Bulletin Conference, Sep. 1998, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 57-84.
Szor, P. and Ferrie, P., “Attacks in Win32 Part II”, Virus Bulletin Conference, Sep. 2000, Virus Bulletin Ltd., The Pentagon, Abington, Oxfordshire, England, pp. 47-68.
Delio, M., “Virus Throttle a Hopeful Defense”, Wired News, Dec. 9, 2002, retrieved from Internet Http://www.wired.com
ews/print/0,1294,56753,00.html Jan. 7, 2003.
“System File Protection and Windows ME”, [online], last updated Dec. 4, 2001, [retrieved on Apr. 9, 2002] Retrieved from the Internet: <URL: http://www.Microsoft.com/hwdev/archive/sfp/winME13sfpP.asp>.
“Description of Windows 2000 Windows File Protection Feature (Q222193)”, [online], first published May 26, 1999, last modified Jan. 12, 2002, [retrieved on Apr. 9, 2002] Retrieved from the Internet <URL: http://support.microsoft.com/default.aspx?scid=kg:EN-US;q222193>.
“Software: Windows ME; Windows ME and System File Protection”, [online] last updated Mar. 11, 2002, [retrieved on Apr. 9, 2002] Retrieved from the Internet: <URL: http//www.wackyb.co.nz/mesfp.html>.
Szor, P., “Memory Scanning Under Windows NT”, Virus Bulletin Conference, Sep. 1999, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-22.
Parkhouse, Jayne, “Pelicon SafeTNet 2.0” [online], Jun. 2000, SC Magazine Product Review, [retrieved on Dec. 1, 2003]. Retrieved from the Internet: <URL; http://www.scmagazine.com/scmagazine/standalone/pelican/sc—pelican.html.
Szor, P. and Ferrie, P., “Hunting for Metamorphic”, Virus Bulletin Conference, Sep. 2001, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 123-144.
“News Release—Symantec Delivers Cutting-Edge Anti-Virus Technology with Striker32”, Oct. 1, 1999, 2 pages, [online]. Retrieved on Nov. 11, 2003. Retrieved from the Internet:<URL:http://www.symantec.com/press/1999
991001.html>. Author unknown. (Cupertino, California).
Toth, et al “Connection-history based anomaly detection” Proceedings of the 2002 IEEE Workshop on Information Assurance and Security. West Point, NY, Jun. 17-19, 2002. pp. 30-35.
Kephart, Jeffrey et al., “An Immune System For Cyberspace” IBM Thomas J. Watson Research Center, IEEE 1997, pp. 879-884.
Symantec Corporation, “Norton AntiVirus Corporate Edition”, 1999, Version 1, pp. 15,22.
Bakos et al., “Early Detection of Internet Warm Activity by Metering ICMP Destination Unreachable Activity.”, Proc. Of SPIE Conference on Sensors, and Command, Control, Communications and Intelligence, Orlando, Apr. 2002.
Abyaneh Ali S
Fenwick & West LLP
Moise Emmanuel L
Symantec Corporation
LandOfFree
Preventing e-mail propagation of malicious computer code does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Preventing e-mail propagation of malicious computer code, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Preventing e-mail propagation of malicious computer code will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2806813