GB2364142A - Detection of an email virus by adding a trap address to email address lists - Google Patents


Info

Publication number
GB2364142A
Authority
GB
United Kingdom
Prior art keywords
email
virus
address
notification system
virus notification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0015821A
Other versions
GB0015821D0 (en)
Inventor
Robert Morris
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to GB0015821A
Publication of GB0015821D0
Publication of GB2364142A
Current legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/107 Computer-aided management of electronic mailing [e-mailing]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/224 Monitoring or handling of messages providing notification on incoming messages, e.g. pushed notifications of received messages

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Human Resources & Organizations (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • Tourism & Hospitality (AREA)
  • Data Mining & Analysis (AREA)
  • Economics (AREA)
  • Quality & Reliability (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Business, Economics & Management (AREA)
  • Operations Research (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Marketing (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The address of a virus notification program on an email server is added to the address book of all computers covered by the detection service. When an email virus is active, it propagates by sending further emails to all addresses in the infected computer's email address book. If the virus notification program receives an email at this address then it concludes that a virus is active and warns the user or administrator. The server may halt the transmission of all email messages from the local network. Outgoing messages may be queued for a short time so that their transmission can be halted when a virus is detected. The virus notification program may be located at an internet site.

Description

An email virus notification system
Field
This invention relates to the detection of a computer virus which propagates through email.
Background
An address book, in the context of email software, is a list of persons, together with their email addresses, kept by the email program to enable the user to send messages to these persons without having to memorise or independently keep a record of their addresses.
An email virus is a computer program which, once it has taken control of the user's computer, sends a copy of itself to those addresses listed in the address book, without the user's consent, in order to propagate itself. In many cases the virus will then go on to cause malicious damage to the computer system.
Essential Features
The present invention provides the user (or a nominated other person, e.g. a computer system administrator) with a warning that a virus has propagated itself using the user's address book, or, in some implementations, could be used to prevent the email messages containing the virus from leaving the local network on which the infected computer is located, and hence halt the propagation of the virus.
In order for this invention to function, a computer program must be written and installed on a mail server computer, which will respond to any messages it receives by sending out a warning message, or taking other action (such as that described in Example 2 below). The exact address assigned to the program is unimportant, so long as it is not used for any other purpose.
The users who wish to be covered by the invention then add this address to their email address book. In the event of an email virus infecting their computer, the virus will send a copy of itself to, amongst others, the program mentioned above, which will result in a warning message being issued, or other action being executed.
Example 1
The following is a description of the invention used as an email virus notification system provided as a public service on the Internet.
A server computer on the Internet is set up with a program containing the invention. Upon joining the service, users are instructed to put this program's email address in their email address book, as previously discussed. When the program is triggered by the receipt of an email from a virus, it sends an email message back to the user (or a person nominated by the user when they joined the service) warning them of the presence of a virus in their email system.
Example 2
The following is a description of the invention used as an email virus notification and propagation prevention system in a local area network (LAN) environment.
It is industry standard practice for a series of computers within an organisation to be connected together on a LAN, and for all email messages sent from these computers to be sent via a server computer on the LAN (and not directly to the recipient). In this environment, the invention would function as a warning system in the same manner as described above, but in addition could be used to prevent propagation of the virus.
The mail server computer, through which all email messages from any of the computers on the LAN must pass, is set up to store outgoing messages in a queue for a short time (perhaps only a few minutes) before sending them on to their destination. When the program containing the invention, running on this server, is triggered, it temporarily disables the delivery of messages in the queue, and informs the system administrator of the presence of the virus. The system administrator can then check the messages in the queue, and remove any copies of the virus contained therein, thus preventing propagation of the virus. Thereafter the system administrator would reset the mail server to normal operation.
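The Example 2 flow as an in-memory model, added here as an illustration and not code from the patent. The class and method names, the trap address, the 180-second hold and the flag-by-sender review helper are all assumptions.

```python
from dataclasses import dataclass

TRAP_ADDRESS = "virus-trap@lan.example"  # constructed; reserved for the trap only
HOLD_SECONDS = 180                       # assumed "few minutes" hold window

@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    queued_at: float

class HoldQueueServer:
    """Outbound relay that holds mail briefly and freezes on a trap hit."""

    def __init__(self, trap=TRAP_ADDRESS, hold=HOLD_SECONDS):
        self.trap, self.hold = trap.lower(), hold
        self.queue, self.delivered, self.alerts = [], [], []
        self.frozen = False

    def submit(self, sender, recipients, subject, now):
        msg = Message(sender, [r.strip().lower() for r in recipients], subject, now)
        if self.trap in msg.recipients:
            # Nothing legitimate is ever addressed here, so any hit is an alarm.
            self.frozen = True
            self.alerts.append(f"trap hit by {sender} at t={now}: {subject!r}")
        self.queue.append(msg)  # kept in the queue as evidence for the review
        return msg

    def flush(self, now):
        """Release messages whose hold has expired, unless delivery is frozen."""
        if self.frozen:
            return []
        due = [m for m in self.queue if now - m.queued_at >= self.hold]
        self.queue = [m for m in self.queue if now - m.queued_at < self.hold]
        self.delivered.extend(due)
        return due

    def suspects(self):
        """Assumed review aid: everything queued by a sender that hit the trap."""
        flagged = {m.sender for m in self.queue if self.trap in m.recipients}
        return [m for m in self.queue if m.sender in flagged]

    def purge_and_resume(self, remove):
        """Administrator step: drop the reviewed messages, then unfreeze."""
        self.queue = [m for m in self.queue if not any(m is r for r in remove)]
        self.frozen = False

if __name__ == "__main__":
    srv = HoldQueueServer()
    srv.submit("carol@lan.example", ["client@partner.example"], "Q3 report", 0)
    srv.submit("dave@lan.example", ["alice@ext.example"], "Open this", 10)
    srv.submit("dave@lan.example", [TRAP_ADDRESS], "Open this", 12)
    print(srv.alerts, [m.subject for m in srv.suspects()])
    srv.purge_and_resume(srv.suspects())
    print([m.subject for m in srv.flush(now=500)])
```

Copies that had already cleared the hold window before the trap message arrived are not recalled, so the hold has to be long enough for the trap entry to be reached while earlier copies are still queued.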

Claims (6)

  1. An email virus notification system which triggers on receipt of an email message delivered to its address, where that email address has been listed in the email address book on those computers which are being covered by the virus notification system.
  2. An email virus notification system as claimed in Claim 1, where upon being triggered an email message is sent back to the user to inform them of the presence of the virus.
  3. An email virus notification system as claimed in Claim 1, where upon being triggered an email message is sent to a system administrator or other nominated person to inform them of the presence of the virus.
  4. An email virus notification and propagation prevention system as claimed in Claim 1, where upon being triggered the program stops email messages queued for delivery from being sent, and alerts the system administrator or other personnel (by email or any other means), so as to enable this person to remove the virus and thereby halt its propagation.
  5. An email virus notification system implemented substantially in the manner described in Example 1 herein.
  6. An email virus notification and propagation prevention system implemented substantially in the manner described in Example 2 herein.
GB0015821A 2000-06-28 2000-06-28 Detection of an email virus by adding a trap address to email address lists Withdrawn GB2364142A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0015821A GB2364142A (en) 2000-06-28 2000-06-28 Detection of an email virus by adding a trap address to email address lists

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0015821A GB2364142A (en) 2000-06-28 2000-06-28 Detection of an email virus by adding a trap address to email address lists

Publications (2)

Publication Number Publication Date
GB0015821D0 GB0015821D0 (en) 2000-08-23
GB2364142A true GB2364142A (en) 2002-01-16

Family

ID=9894568

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0015821A Withdrawn GB2364142A (en) 2000-06-28 2000-06-28 Detection of an email virus by adding a trap address to email address lists

Country Status (1)

Country Link
GB (1) GB2364142A (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7089591B1 (en) 1999-07-30 2006-08-08 Symantec Corporation Generic detection and elimination of marco viruses
WO2002084459A1 (en) * 2001-04-10 2002-10-24 International Business Machines Corporation Detection of computer viruses on a network using a bait server
US7089589B2 (en) 2001-04-10 2006-08-08 Lenovo (Singapore) Pte. Ltd. Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait
WO2003056409A2 (en) * 2001-12-22 2003-07-10 Koninklijke Philips Electronics N.V. Dealing with a computer virus which self-propagates by email
WO2003056409A3 (en) * 2001-12-22 2003-12-18 Koninkl Philips Electronics Nv Dealing with a computer virus which self-propagates by email
WO2003069449A2 (en) * 2002-02-13 2003-08-21 Levin Lawrence R Computer virus control
WO2003069449A3 (en) * 2002-02-13 2004-04-22 Lawrence R Levin Computer virus control
US8510839B2 (en) 2002-05-10 2013-08-13 Mcafee, Inc. Detecting malware carried by an E-mail message
US7237008B1 (en) * 2002-05-10 2007-06-26 Mcafee, Inc. Detecting malware carried by an e-mail message
US7155742B1 (en) 2002-05-16 2006-12-26 Symantec Corporation Countering infections to communications modules
US7418729B2 (en) 2002-07-19 2008-08-26 Symantec Corporation Heuristic detection of malicious computer code by page tracking
US7380277B2 (en) 2002-07-22 2008-05-27 Symantec Corporation Preventing e-mail propagation of malicious computer code
EP1385303A3 (en) * 2002-07-22 2005-11-09 Symantec Corporation Method and device for preventing malicious computer code from propagating
EP1385303A2 (en) * 2002-07-22 2004-01-28 Symantec Corporation Method and device for preventing malicious computer code from propagating
US7478431B1 (en) 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7159149B2 (en) 2002-10-24 2007-01-02 Symantec Corporation Heuristic detection and termination of fast spreading network worm attacks
US7631353B2 (en) 2002-12-17 2009-12-08 Symantec Corporation Blocking replication of e-mail worms
US7296293B2 (en) 2002-12-31 2007-11-13 Symantec Corporation Using a benevolent worm to assess and correct computer security vulnerabilities
US8271774B1 (en) 2003-08-11 2012-09-18 Symantec Corporation Circumstantial blocking of incoming network traffic containing code
US7370233B1 (en) 2004-05-21 2008-05-06 Symantec Corporation Verification of desired end-state using a virtual machine environment
US7441042B1 (en) 2004-08-25 2008-10-21 Symantec Corporation System and method for correlating network traffic and corresponding file input/output traffic
US7690034B1 (en) 2004-09-10 2010-03-30 Symantec Corporation Using behavior blocking mobility tokens to facilitate distributed worm detection
US8104086B1 (en) 2005-03-03 2012-01-24 Symantec Corporation Heuristically detecting spyware/adware registry activity
US20070289018A1 (en) * 2006-06-08 2007-12-13 Microsoft Corporation Resource indicator trap doors for detecting and stopping malware propagation
US8667581B2 (en) * 2006-06-08 2014-03-04 Microsoft Corporation Resource indicator trap doors for detecting and stopping malware propagation
US8763076B1 (en) 2006-06-30 2014-06-24 Symantec Corporation Endpoint management using trust rating data

Also Published As

Publication number Publication date
GB0015821D0 (en) 2000-08-23

Similar Documents

Publication Publication Date Title
GB2364142A (en) Detection of an email virus by adding a trap address to email address lists
US7673342B2 (en) Detecting e-mail propagated malware
KR100554903B1 (en) Anti-virus agent for use with databases and mail servers
US6851058B1 (en) Priority-based virus scanning with priorities based at least in part on heuristic prediction of scanning risk
CA2581062C (en) System and method for disaster recovery and management of an email system
US7832012B2 (en) Method and system for isolating suspicious email
US7237008B1 (en) Detecting malware carried by an e-mail message
US8347390B2 (en) Wireless communication system congestion reduction system and method
US7748038B2 (en) Method and apparatus for managing computer virus outbreaks
JP5118020B2 (en) Identifying threats in electronic messages
US7263561B1 (en) Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient
US6691156B1 (en) Method for restricting delivery of unsolicited E-mail
GB2367714A (en) Monitoring e-mail traffic for viruses
JP2959546B2 (en) Local area network management system
JPH11134190A (en) System and method for detecting and reporting virus and storage medium stored with program regarding same method
KR100461984B1 (en) Method for detecting Email virus and inducing clients to cure the detected virus
JP2009075665A (en) Electronic mail system

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)