WO2004057435A3 - A method for detecting malicious code in email - Google Patents

A method for detecting malicious code in email

Info

Publication number
WO2004057435A3
Authority
WO
WIPO (PCT)
Prior art keywords
malicious code
mail messages
email
detecting malicious
suspicion
Prior art date
Application number
PCT/IL2003/001048
Other languages
French (fr)
Other versions
WO2004057435A2 (en)
Inventor
Ofer Elzam
Shimon Gruper
Yanki Margalit
Dany Margalit
Original Assignee
Aladdin Knowledge Systems Ltd
Priority date
Filing date
Publication date
Application filed by Aladdin Knowledge Systems Ltd
Priority to AU2003285737A (AU2003285737A1)
Priority to JP2004561947A (JP2006517310A)
Priority to EP03778722A (EP1573546A2)
Publication of WO2004057435A2
Publication of WO2004057435A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking

Abstract

The present invention is directed to a method for detecting the presence of malicious code in the e-mail messages of an organization, and a system therefor. The method comprises: gathering information related to incoming and/or outgoing e-mail messages of the organization (202); analyzing the gathered information in order to find common denominators that may indicate the presence of malicious code within the messages (203); determining the suspicion of presence of malicious code within the e-mail messages according to the found common denominator, and/or according to the combination of the found common denominators (204); and, upon positively determining a suspicion of presence of malicious code within the e-mail messages, activating an alerting procedure (205).
PCT/IL2003/001048 2002-12-21 2003-12-10 A method for detecting malicious code in email WO2004057435A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU2003285737A AU2003285737A1 (en) 2002-12-31 2003-12-10 A method for detecting malicious code in email
JP2004561947A JP2006517310A (en) 2002-12-31 2003-12-10 Method and system for detecting the presence of malicious code in an organization's email message
EP03778722A EP1573546A2 (en) 2002-12-21 2003-12-10 A method and system for detecting presence of malicious code in the e-mail messages of an organization

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/331,543 2002-12-31
US10/331,543 US20040128536A1 (en) 2002-12-31 2002-12-31 Method and system for detecting presence of malicious code in the e-mail messages of an organization

Publications (2)

Publication Number Publication Date
WO2004057435A2 (en) 2004-07-08
WO2004057435A3 (en) 2004-11-11

Family

ID=32654763

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2003/001048 WO2004057435A2 (en) 2002-12-21 2003-12-10 A method for detecting malicious code in email

Country Status (5)

Country Link
US (1) US20040128536A1 (en)
EP (1) EP1573546A2 (en)
JP (1) JP2006517310A (en)
AU (1) AU2003285737A1 (en)
WO (1) WO2004057435A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8271774B1 (en) * 2003-08-11 2012-09-18 Symantec Corporation Circumstantial blocking of incoming network traffic containing code
CA2508304A1 (en) * 2004-05-25 2005-11-25 Northseas Advanced Messaging Technology Inc. Method of and system for management of electronic mail
US8707251B2 (en) * 2004-06-07 2014-04-22 International Business Machines Corporation Buffered viewing of electronic documents
US7343624B1 (en) 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment
US9154511B1 (en) * 2004-07-13 2015-10-06 Dell Software Inc. Time zero detection of infectious messages
US7881700B2 (en) * 2005-09-30 2011-02-01 Ntt Docomo, Inc. Information communication apparatus and message displaying method
EP1936512A4 (en) * 2005-09-30 2009-12-23 Ntt Docomo Inc Information communicating apparatus and message displaying method
US8196204B2 (en) * 2008-05-08 2012-06-05 Lawrence Brent Huston Active computer system defense technology
US8995775B2 (en) * 2011-05-02 2015-03-31 Facebook, Inc. Reducing photo-tagging spam
TWI459232B (en) * 2011-12-02 2014-11-01 Inst Information Industry Phishing site processing method, system and computer readable storage medium storing the method
US20140358939A1 (en) * 2013-05-31 2014-12-04 Emailvision Holdings Limited List hygiene tool

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095607A1 (en) * 2001-01-18 2002-07-18 Catherine Lin-Hendel Security protection for computers and computer-networks
JP2002223256A (en) * 2001-01-29 2002-08-09 Fujitsu Ltd Computer program for e-mail virus detection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device

Also Published As

Publication number Publication date
JP2006517310A (en) 2006-07-20
WO2004057435A2 (en) 2004-07-08
AU2003285737A8 (en) 2004-07-14
EP1573546A2 (en) 2005-09-14
US20040128536A1 (en) 2004-07-01
AU2003285737A1 (en) 2004-07-14

Similar Documents

Publication Publication Date Title
AU2001270763A1 (en) Method of and system for, processing email
CA2436086A1 (en) Context aware call handling system
WO2004057435A3 (en) A method for detecting malicious code in email
WO2006134589A3 (en) A method and system for detecting blocking and removing spyware
DE60210269D1 (en) METHOD AND SYSTEM FOR COMBATING ROBOTS AND ROGUES
HK1034832A1 (en) Method and system for filtering unsolicited electronic mail messages using data matching and heuristic processing.
US20030212913A1 (en) System and method for detecting a potentially malicious executable file
WO2006014804A3 (en) Messaging spam detection
BR0318024A (en) Adaptive Junk Mail Filtering System
AU2002245723A1 (en) Encrypted e-mail reader and responder system, method, and computer program product
WO2007046844A3 (en) System and method for visual representation of a catastrophic event and coordination of response
WO2006119509A3 (en) Identifying threats in electronic messages
WO2004019574A3 (en) System for prevention of undesirable internet content
EP1494427A3 (en) Signature extraction system and method
WO2002071286A3 (en) A method of, and system for, processing email in particular to detect unsolicited bulk email
EP0951866A3 (en) Breath sound detection in the presence of ambient noise
WO2002086710A3 (en) Software suitability testing system
AU2002248205A1 (en) Chemical or biological attack detection and mitigation system
EP2372954A3 (en) Method and system for collecting information relating to a communication network
TR200103664T2 (en) Attenuated pestiviruses
WO2002016672A3 (en) Method of detecting a short incident during electrochemical processing and a system therefor
WO2002050715A3 (en) Default address matching system
EP1504323B8 (en) Method and system for analyzing and addressing alarms from network intrusion detection systems
PT833847E (en) CD40 CONNECTING FRAGMENT CRYSTALS AND USING IT
Johnston Is Your E-Mail Safe From Intruders?

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE WIPO information: entry into national phase

Ref document number: 2003778722

Country of ref document: EP

WWE WIPO information: entry into national phase

Ref document number: 2004561947

Country of ref document: JP

WWP WIPO information: published in national office

Ref document number: 2003778722

Country of ref document: EP

CFP Corrected version of a pamphlet front page
CR1 Correction of entry in section I

Free format text: IN PCT GAZETTE 28/2004 UNDER (30) REPLACE "21 DECEMBER 2002 (21.12.2002)" BY "31 DECEMBER 2002 (31.12.2002)"