WO2005124600A3 - Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages - Google Patents

Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages Download PDF

Info

Publication number
WO2005124600A3
WO2005124600A3 PCT/US2005/020467 US2005020467W WO2005124600A3 WO 2005124600 A3 WO2005124600 A3 WO 2005124600A3 US 2005020467 W US2005020467 W US 2005020467W WO 2005124600 A3 WO2005124600 A3 WO 2005124600A3
Authority
WO
WIPO (PCT)
Prior art keywords
analysis
links
deceptive
electronic messages
detecting suspicious
Prior art date
Application number
PCT/US2005/020467
Other languages
French (fr)
Other versions
WO2005124600A2 (en
Inventor
Steven Dorner
Randall Coleman Gellens
Original Assignee
Qualcomm Inc
Steven Dorner
Randall Coleman Gellens
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc, Steven Dorner, Randall Coleman Gellens filed Critical Qualcomm Inc
Priority to JP2007527762A priority Critical patent/JP2008506210A/en
Publication of WO2005124600A2 publication Critical patent/WO2005124600A2/en
Publication of WO2005124600A3 publication Critical patent/WO2005124600A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Abstract

Described are apparatus and methods for the analysis of characteristics of links intended to deceive a message (180) recipient. The analysis can be employed at the receiving client (160), an intermediate server (110), or at other points to help protect the user from frau without blocking legitimate content. For example, this analysis can be used to warn users attempting to follow such links. This analysis can also be used to mark the links in an indicative way on display. This analysis can also be used as input to spare-scoring algorithms.
PCT/US2005/020467 2004-06-10 2005-06-10 Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages WO2005124600A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2007527762A JP2008506210A (en) 2004-06-10 2005-06-10 Method and apparatus for detecting suspicious, deceptive and dangerous links in electronic messages

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US57902304P 2004-06-10 2004-06-10
US60/579,023 2004-06-10
US11/147,807 2005-06-07
US11/147,807 US20050289148A1 (en) 2004-06-10 2005-06-07 Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages

Publications (2)

Publication Number Publication Date
WO2005124600A2 WO2005124600A2 (en) 2005-12-29
WO2005124600A3 true WO2005124600A3 (en) 2008-09-12

Family

ID=35507325

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/020467 WO2005124600A2 (en) 2004-06-10 2005-06-10 Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages

Country Status (3)

Country Link
US (1) US20050289148A1 (en)
JP (1) JP2008506210A (en)
WO (1) WO2005124600A2 (en)

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7428590B2 (en) 2002-06-10 2008-09-23 Akonix Systems, Inc. Systems and methods for reflecting messages associated with a target protocol within a network
US20080196099A1 (en) * 2002-06-10 2008-08-14 Akonix Systems, Inc. Systems and methods for detecting and blocking malicious content in instant messages
US7913302B2 (en) 2004-05-02 2011-03-22 Markmonitor, Inc. Advanced responses to online fraud
US8769671B2 (en) * 2004-05-02 2014-07-01 Markmonitor Inc. Online fraud solution
US9203648B2 (en) 2004-05-02 2015-12-01 Thomson Reuters Global Resources Online fraud solution
US7457823B2 (en) 2004-05-02 2008-11-25 Markmonitor Inc. Methods and systems for analyzing data related to possible online fraud
US8041769B2 (en) 2004-05-02 2011-10-18 Markmonitor Inc. Generating phish messages
US7870608B2 (en) 2004-05-02 2011-01-11 Markmonitor, Inc. Early detection and monitoring of online fraud
US7992204B2 (en) 2004-05-02 2011-08-02 Markmonitor, Inc. Enhanced responses to online fraud
US8707251B2 (en) * 2004-06-07 2014-04-22 International Business Machines Corporation Buffered viewing of electronic documents
US9154511B1 (en) 2004-07-13 2015-10-06 Dell Software Inc. Time zero detection of infectious messages
US7343624B1 (en) 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment
US8495144B1 (en) * 2004-10-06 2013-07-23 Trend Micro Incorporated Techniques for identifying spam e-mail
US8438499B2 (en) 2005-05-03 2013-05-07 Mcafee, Inc. Indicating website reputations during user interactions
US20060253584A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Reputation of an entity associated with a content item
US9384345B2 (en) 2005-05-03 2016-07-05 Mcafee, Inc. Providing alternative web content based on website reputation assessment
US7975297B2 (en) * 2005-08-16 2011-07-05 Microsoft Corporation Anti-phishing protection
US7908329B2 (en) * 2005-08-16 2011-03-15 Microsoft Corporation Enhanced e-mail folder security
GB2448271A (en) * 2006-01-25 2008-10-08 Simplicita Software Inc DNS traffic switch
JP4682855B2 (en) * 2006-01-30 2011-05-11 日本電気株式会社 System, method, program, and mail receiver for preventing unauthorized site guidance
US8028335B2 (en) * 2006-06-19 2011-09-27 Microsoft Corporation Protected environments for protecting users against undesirable activities
JP5026781B2 (en) * 2006-12-25 2012-09-19 キヤノンソフトウェア株式会社 Information processing apparatus, pop-up window display control method, program, and recording medium
DE102007045909A1 (en) * 2007-09-26 2009-08-06 T-Mobile Internationale Ag Method for protection against viruses / spam in mobile networks
US8010482B2 (en) * 2008-03-03 2011-08-30 Microsoft Corporation Locally computable spam detection features and robust pagerank
JP5166094B2 (en) * 2008-03-27 2013-03-21 株式会社野村総合研究所 Communication relay device, web terminal, mail server device, electronic mail terminal, and site check program
US20100042687A1 (en) * 2008-08-12 2010-02-18 Yahoo! Inc. System and method for combating phishing
JP2011013707A (en) * 2009-06-30 2011-01-20 Hitachi Ltd Web page relay apparatus
US8938508B1 (en) * 2010-07-22 2015-01-20 Symantec Corporation Correlating web and email attributes to detect spam
US8700913B1 (en) 2011-09-23 2014-04-15 Trend Micro Incorporated Detection of fake antivirus in computers
WO2014172881A1 (en) * 2013-04-25 2014-10-30 Tencent Technology (Shenzhen) Company Limited Preventing identity fraud for instant messaging
US20140380472A1 (en) * 2013-06-24 2014-12-25 Lenovo (Singapore) Pte. Ltd. Malicious embedded hyperlink detection
US9286402B2 (en) * 2013-07-03 2016-03-15 Majestic-12 Ltd System for detecting link spam, a method, and an associated computer readable medium
JP5930217B2 (en) 2013-10-03 2016-06-08 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Method for detecting expressions that can be dangerous expressions depending on a specific theme, electronic device for detecting the expressions, and program for the electronic device
US9396170B2 (en) * 2013-11-11 2016-07-19 Globalfoundries Inc. Hyperlink data presentation
JP5973413B2 (en) * 2013-11-26 2016-08-23 ビッグローブ株式会社 Terminal device, WEB mail server, safety confirmation method, and safety confirmation program
KR102150624B1 (en) 2014-07-01 2020-09-01 삼성전자 주식회사 Method and apparatus for notifying smishing
JP6759610B2 (en) * 2016-02-04 2020-09-23 富士通株式会社 Safety judgment device, safety judgment program and safety judgment method
US10601778B2 (en) * 2016-09-15 2020-03-24 Arbor Networks, Inc. Visualization of traffic flowing through a host
CN106791050A (en) * 2016-12-06 2017-05-31 深圳市金立通信设备有限公司 A kind of Website logging method and terminal
US10339310B1 (en) * 2017-07-12 2019-07-02 Symantec Corporation Detection of malicious attachments on messages
JP7187902B2 (en) * 2018-08-31 2022-12-13 コニカミノルタ株式会社 Data processor, data output method and data output program
GB201911459D0 (en) 2019-08-09 2019-09-25 Majestic 12 Ltd Systems and methods for analysing information content
US20220138191A1 (en) * 2020-11-05 2022-05-05 People.ai, Inc. Systems and methods for matching electronic activities with whitespace domains to record objects in a multi-tenant system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182146B1 (en) * 1997-06-27 2001-01-30 Compuware Corporation Automatic identification of application protocols through dynamic mapping of application-port associations
US6725413B1 (en) * 1999-07-15 2004-04-20 Seiko Epson Corporation Data transfer control device and electronic equipment

Family Cites Families (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6393465B2 (en) * 1997-11-25 2002-05-21 Nixmail Corporation Junk electronic mail detector and eliminator
US8412778B2 (en) * 1997-11-25 2013-04-02 Robert G. Leeds Junk electronic mail detector and eliminator
US6654787B1 (en) * 1998-12-31 2003-11-25 Brightmail, Incorporated Method and apparatus for filtering e-mail
US6330590B1 (en) * 1999-01-05 2001-12-11 William D. Cotten Preventing delivery of unwanted bulk e-mail
US6671718B1 (en) * 1999-06-28 2003-12-30 Mark Meister Email client application incorporating an active transmit authorization request
US6400810B1 (en) * 1999-07-20 2002-06-04 Ameritech Corporation Method and system for selective notification of E-mail messages
US6321267B1 (en) * 1999-11-23 2001-11-20 Escom Corporation Method and apparatus for filtering junk email
US6691156B1 (en) * 2000-03-10 2004-02-10 International Business Machines Corporation Method for restricting delivery of unsolicited E-mail
US20040034794A1 (en) * 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US6995273B2 (en) * 2000-06-09 2006-02-07 Fuji Photo Film Co., Ltd. 1H-pyrazolo[1,5-b]-1,2,4-triazole compound, coupler and silver halide color photographic light-sensitive material
US6772196B1 (en) * 2000-07-27 2004-08-03 Propel Software Corp. Electronic mail filtering system and methods
US6779021B1 (en) * 2000-07-28 2004-08-17 International Business Machines Corporation Method and system for predicting and managing undesirable electronic mail
US6650890B1 (en) * 2000-09-29 2003-11-18 Postini, Inc. Value-added electronic messaging services and transparent implementation thereof using intermediate server
US6757830B1 (en) * 2000-10-03 2004-06-29 Networks Associates Technology, Inc. Detecting unwanted properties in received email messages
US6622909B1 (en) * 2000-10-24 2003-09-23 Ncr Corporation Mining data from communications filtering request
GB2373130B (en) * 2001-03-05 2004-09-22 Messagelabs Ltd Method of,and system for,processing email in particular to detect unsolicited bulk email
US6769016B2 (en) * 2001-07-26 2004-07-27 Networks Associates Technology, Inc. Intelligent SPAM detection system using an updateable neural analysis engine
US20040158540A1 (en) * 2002-01-31 2004-08-12 Cashette, Inc. Spam control system requiring unauthorized senders to pay postage through an internet payment service with provision for refund on accepted messages
JP4593926B2 (en) * 2002-02-19 2010-12-08 ポスティーニ インク Email management service
CA2478299C (en) * 2002-03-08 2012-05-22 Ciphertrust, Inc. Systems and methods for enhancing electronic communication security
US20030172291A1 (en) * 2002-03-08 2003-09-11 Paul Judge Systems and methods for automated whitelisting in monitored communications
US20030195937A1 (en) * 2002-04-16 2003-10-16 Kontact Software Inc. Intelligent message screening
US20030204569A1 (en) * 2002-04-29 2003-10-30 Michael R. Andrews Method and apparatus for filtering e-mail infected with a previously unidentified computer virus
KR100460322B1 (en) * 2002-05-31 2004-12-08 (주) 시큐컴 System and Method for preventing spam mails
US20040054741A1 (en) * 2002-06-17 2004-03-18 Mailport25, Inc. System and method for automatically limiting unwanted and/or unsolicited communication through verification
US8046832B2 (en) * 2002-06-26 2011-10-25 Microsoft Corporation Spam detector with challenges
US8495503B2 (en) * 2002-06-27 2013-07-23 International Business Machines Corporation Indicating the context of a communication
US8924484B2 (en) * 2002-07-16 2014-12-30 Sonicwall, Inc. Active e-mail filter with challenge-response
GB2391964B (en) * 2002-08-14 2006-05-03 Messagelabs Ltd Method of and system for scanning electronic documents which contain links to external objects
US7363490B2 (en) * 2002-09-12 2008-04-22 International Business Machines Corporation Method and system for selective email acceptance via encoded email identifiers
US20040068543A1 (en) * 2002-10-03 2004-04-08 Ralph Seifert Method and apparatus for processing e-mail
US20040078422A1 (en) * 2002-10-17 2004-04-22 Toomey Christopher Newell Detecting and blocking spoofed Web login pages
US7293065B2 (en) * 2002-11-20 2007-11-06 Return Path Method of electronic message delivery with penalties for unsolicited messages
US7373664B2 (en) * 2002-12-16 2008-05-13 Symantec Corporation Proactive protection against e-mail worms and spam
US20040128355A1 (en) * 2002-12-25 2004-07-01 Kuo-Jen Chao Community-based message classification and self-amending system for a messaging system
US20040249895A1 (en) * 2003-03-21 2004-12-09 Way Gregory G. Method for rejecting SPAM email and for authenticating source addresses in email servers
US7320020B2 (en) * 2003-04-17 2008-01-15 The Go Daddy Group, Inc. Mail server probability spam filter
US20040221016A1 (en) * 2003-05-01 2004-11-04 Hatch James A. Method and apparatus for preventing transmission of unwanted email
US7383306B2 (en) * 2003-07-31 2008-06-03 Hewlett-Packard Development Company, L.P. System and method for selectively increasing message transaction costs
US7451487B2 (en) * 2003-09-08 2008-11-11 Sonicwall, Inc. Fraudulent message detection
US8769671B2 (en) * 2004-05-02 2014-07-01 Markmonitor Inc. Online fraud solution
US7343624B1 (en) * 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182146B1 (en) * 1997-06-27 2001-01-30 Compuware Corporation Automatic identification of application protocols through dynamic mapping of application-port associations
US6725413B1 (en) * 1999-07-15 2004-04-20 Seiko Epson Corporation Data transfer control device and electronic equipment

Also Published As

Publication number Publication date
JP2008506210A (en) 2008-02-28
US20050289148A1 (en) 2005-12-29
WO2005124600A2 (en) 2005-12-29

Similar Documents

Publication Publication Date Title
WO2005124600A3 (en) Method and apparatus for detecting suspicious, deceptive, and dangerous links in electronic messages
WO2006017105A3 (en) Apparatus for partial authentication of messages
WO2006019726A3 (en) System and method for detecting computer virus
WO2004088477A3 (en) Apparatus and method for network vulnerability detection and compliance assessment
SI1696619T1 (en) Method and device for spam detection
WO2002005072A3 (en) Method of and system for, processing email
WO2009064579A3 (en) Trust based moderation
WO2004104747A3 (en) Document modification detection and prevention
WO2004019574A3 (en) System for prevention of undesirable internet content
Stembert et al. A study of preventing email (spear) phishing by enabling human intelligence
WO2006063003A3 (en) Network and application attack protection based on application layer message inspection
MY144418A (en) Verifying human interaction to a computer entity by way of a trusted component on a computing device or the like
WO2006049814A3 (en) Intrusion detection in a data center environment
WO2004105332A3 (en) Method and apparatus for filtering email spam based on similarity measures
GB0517303D0 (en) System and method for processing secure transmissions
HK1076883A1 (en) Trusted system clock
EP1496655A3 (en) Prevention of outgoing spam
EP1427133A3 (en) System, method and device for security processing of data packets
JP2006285844A5 (en)
EP1458132A3 (en) Peer-to-peer communication apparatus and communication method
EP1580957A3 (en) Method and apparatus for rapid location of anomalies in IP traffic logs
WO2008069945A3 (en) System and method of analyzing web addresses
WO2001065330A3 (en) System for determining web application vulnerabilities
WO2008054849A3 (en) Systems and methods for detection of session tampering and fraud prevention
WO2005010692A3 (en) System and method for identifying and filtering junk e-mail messages or spam based on url content

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2007527762

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)