Method and system for detecting malware containing E-mails based on inconsistencies in public sector “From” addresses and a sending IP address
Abstract
A method and apparatus for detecting malware-containing e-mails based on inconsistencies between a governmental agency “From” address and a sending IP address. An incoming e-mail is analyzed to determine whether it includes a “From” address having a domain suffix that is normally associated with a governmental agency, such as .gov, .gov.uk, .go.jp, or any similar governmental domain suffix. The connecting IP address, or the IP addresses within the received headers associated with the incoming e-mail, are then analyzed to determine the geographical locations through which the incoming e-mail passed. If the geographical locations associated with these sending IP addresses are not consistent with the country indicated by the domain suffix in the governmental “From” address, then protective action is taken.