公开(公告)号：US20110296524A1

公开(公告)日：2011-12-01

申请号：US12789250

申请日：2010-05-27

申请人： Douglas J. Hines ,  Mihai Costea ,  Yuxiang Xu ,  Harsh S. Dangayach ,  Krishna Vitaldevara ,  Eliot C. Gillum ,  Jason D. Walter ,  Aleksander R. Kolcz

发明人： Douglas J. Hines ,  Mihai Costea ,  Yuxiang Xu ,  Harsh S. Dangayach ,  Krishna Vitaldevara ,  Eliot C. Gillum ,  Jason D. Walter ,  Aleksander R. Kolcz

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： G06F21/552

摘要： Campaign detection techniques are described. In implementations, a signature is computed for each of a plurality of emails to be communicated by a service provider to respective intended recipients. A determination is made that two or more of the plurality of emails is similar based on the respective signatures. Responsive to a finding that a number of similar emails exceeds a threshold, an indication is output that the similar emails have a likelihood of being involved in a spam campaign.

摘要翻译： 描述了运动检测技术。 在实现中，针对要由服务提供商传送到各个预期接收者的多个电子邮件中的每一个计算签名。 基于相应的签名确定多个电子邮件中的两个或多个是相似的。 响应于一些类似的电子邮件超过阈值的发现，输出了类似的电子邮件可能涉及垃圾邮件活动的指示。

公开(公告)号：US08010612B2

公开(公告)日：2011-08-30

申请号：US11736487

申请日：2007-04-17

申请人： Mihai Costea ,  Jeffrey B. Kay ,  Jesse Dougherty ,  Mayerber Carvalho Neto ,  Jain Chandresh ,  Mayank Mehta

发明人： Mihai Costea ,  Jeffrey B. Kay ,  Jesse Dougherty ,  Mayerber Carvalho Neto ,  Jain Chandresh ,  Mayank Mehta

IPC分类号： G06F15/16

CPC分类号： H04L51/12 ,  H04L51/28

摘要： Systems for providing sign-up email addresses are disclosed herein. A user may set up a sign-up email address for receiving emails from a trusted, Internet-based enterprise. The user may set up a dedicated mailbox folder associated with the sign-up email address or enterprise. The email server may automatically direct emails coming from that enterprise into that folder. To “unsubscribe,” the user needs only to delete the folder or the sign-up address. Emails from the enterprise to the sign-up address may be highlighted in the user's main inbox. Thus, the user may be assured that any such email is truly from the enterprise, and not a phishing expedition or spam. Such systems also provide the user with effective tools to recognize phish or spam emails that appear to be from the trusted enterprise and not to act on them.

摘要翻译： 本文公开了用于提供注册电子邮件地址的系统。 用户可以设置注册电子邮件地址来接收来自受信任的基于互联网的企业的电子邮件。 用户可以设置与注册电子邮件地址或企业相关联的专用邮箱文件夹。 电子邮件服务器可以自动将来自该企业的电子邮件引导到该文件夹​​中。 要“取消订阅”，用户只需删除该文件夹或注册地址即可。 电子邮件从企业到注册地址可能会在用户的主收件箱中突出显示。 因此，用户可以放心，任何这样的电子邮件真的来自企业，而不是网络钓鱼攻击或垃圾邮件。 这样的系统还为用户提供了有效的工具来识别似乎来自受信企业的网络钓鱼或垃圾邮件，而不是对它们采取行动。

公开(公告)号：US07774413B2

公开(公告)日：2010-08-10

申请号：US11215823

申请日：2005-08-30

申请人： Mihai Costea ,  Daniel D. Longley ,  Malcolm E. Pearson

发明人： Mihai Costea ,  Daniel D. Longley ,  Malcolm E. Pearson

IPC分类号： G06F15/16

CPC分类号： H04L51/12 ,  H04L63/1408 ,  H04L63/145

摘要： Techniques for eliminating duplicate/redundant scanning of email messages while the email message traverses the various servers within an email infrastructure are provided. Some techniques utilize a message hygiene stamp that is transported with the email message as the email message enters an enterprise and is routed within the enterprise until the email message reaches the end user inbox. The filters comprise logic that enables the filters to annotate the result of their filtering or other processing in corresponding message hygiene stamps. The message hygiene stamps allow the filters to determine whether the email message has already been processed by the filter within the email infrastructure.

摘要翻译： 提供了在电子邮件消息遍历电子邮件基础结构中的各种服务器时消除电子邮件的重复/冗余扫描的技术。 一些技术利用随着电子邮件消息进入企业而被传送的消息卫生信息，并且在企业内路由，直到电子邮件消息到达最终用户收件箱。 滤波器包括逻辑，使得滤波器能够在相应的消息卫生标签中注释其滤波或其他处理的结果。 消息卫生标签允许过滤器确定电子邮件基础结构中的过滤器是否已经处理了电子邮件消息。

公开(公告)号：US20070282953A1

公开(公告)日：2007-12-06

申请号：US11421367

申请日：2006-05-31

申请人： Chandresh K. Jain ,  Malcolm E. Pearson ,  Nathan F. Waddoups ,  Mihai Costea ,  Eric D. Tribble

发明人： Chandresh K. Jain ,  Malcolm E. Pearson ,  Nathan F. Waddoups ,  Mihai Costea ,  Eric D. Tribble

IPC分类号： G06F15/16

CPC分类号： G06Q10/107 ,  H04L51/12 ,  H04L63/0227 ,  H04L67/306

摘要： Propagating messaging preferences of one or more users from a recipient mailbox to a perimeter network administering e-mail content blocking and routing. A content filtering application located outside a trusted network receives messaging preferences information from within the trusted network regarding the mail recipients. This messaging preferences information may be utilized to allow certain pre-authorized messages from particular senders to bypass content filtering. Moreover, the messaging preferences information may be hashed to further protect the information on the perimeter network and to speed in review and comparison of the messaging preferences information. In addition, other types of user-specific information may be propagated to the perimeter network for use with other applications other than messaging.

摘要翻译： 将一个或多个用户的邮件偏好从收件人邮箱传播到管理电子邮件内容阻止和路由的外部网络。 位于可信网络之外的内容过滤应用从可信网络内接收关于邮件接收者的消息收发偏好信息。 可以利用该消息收发偏好信息来允许来自特定发送者的某些预授权消息来绕过内容过滤。 此外，消息收发偏好信息可以被散列以进一步保护外围网络上的信息，并且加速审查和比较消息收发偏好信息。 此外，可以将其他类型的用户特定信息传播到周边网络以与除消息传送之外的其他应用一起使用。

公开(公告)号：US20070143411A1

公开(公告)日：2007-06-21

申请号：US11303523

申请日：2005-12-16

申请人： Mihai Costea ,  Patrick Baudisch ,  Aidan Delaney

发明人： Mihai Costea ,  Patrick Baudisch ,  Aidan Delaney

IPC分类号： G06F15/16 ,  G06F11/00

CPC分类号： H04L51/12 ,  G06Q10/107 ,  H04L51/22

摘要： A user defines mutually exclusive inbox and spam folders to which emails are routed based on a rating assigned to each email. A variable user-defined range defines a mapping of the ratings to each folder. Incoming emails are routing to one of the folders according to the range. A reference set of emails is designated, each having a rating and either an inbox label or a spam label. A display indicates the number the reference emails in each folder if the reference emails are routed to one of the folders according to their ratings and according to the user-defined range.

摘要翻译： 用户根据分配给每个电子邮件的评分来定义电子邮件路由的互斥收件箱和垃圾邮件文件夹。 可变用户定义的范围定义了每个文件夹的评级映射。 传入的电子邮件根据范围路由到其中一个文件夹。 指定一组参考电子邮件，每个都有一个评级，一个收件箱标签或垃圾邮件标签。 如果参考电子邮件根据其评级和根据用户定义的范围路由到其中一个文件夹，显示屏将显示每个文件夹中的参考电子邮件的编号。

公开(公告)号：US20070094654A1

公开(公告)日：2007-04-26

申请号：US11254833

申请日：2005-10-20

申请人： Mihai Costea

发明人： Mihai Costea

IPC分类号： G06F9/44

CPC分类号： G06F8/65

摘要： The present invention causes rescue software to be updated when a secondary operating system is “booted” from a rescue disk. Aspects of the present invention may cause a computer to be “booted” using the rescue software when a user turns on a computer. Once the computer is booted using the rescue software, a source where a software update to the rescue software may be obtained is identified. Then, a determination is made regarding whether the software update originates from a trusted entity. In instances when the software update originates from a trusted entity, the rescue software is updated with one or more software updates.

摘要翻译： 当辅助操作系统从救援盘“引导”时，本发明使救援软件被更新。 当用户打开计算机时，本发明的各方面可能导致使用救援软件“引导”计算机。 一旦使用救援软件引导计算机，就可以识别可以获得对救援软件的软件更新的源。 然后，确定软件更新是否来自可信实体。 在软件更新来自可信实体的情况下，救援软件被更新为一个或多个软件更新。

公开(公告)号：US20060236392A1

公开(公告)日：2006-10-19

申请号：US11096490

申请日：2005-03-31

申请人： Anil Thomas ,  Michael Kramer ,  Mihai Costea ,  Efim Hudis ,  Pradeep Bahl ,  Rajesh Dadhia ,  Yigal Edery

发明人： Anil Thomas ,  Michael Kramer ,  Mihai Costea ,  Efim Hudis ,  Pradeep Bahl ,  Rajesh Dadhia ,  Yigal Edery

IPC分类号： G06F12/14

CPC分类号： G06F21/56 ,  G06F21/562 ,  G06F21/577

摘要： In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware. More specifically, the method comprises: using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.

摘要翻译： 根据本发明，提供了一种用于聚合多个安全服务或其他事件收集系统的知识库以保护计算机免受恶意软件的系统，方法和计算机可读介质。 本发明的一个方面是主动保护计算机免受恶意软件的方法。 更具体地，该方法包括：使用反恶意软件服务或其他事件收集系统来观察潜在地指示恶意软件的可疑事件; 确定可疑事件是否满足预定阈值; 并且如果可疑事件满足预定阈值，则实施旨在防止恶意软件传播的限制性安全策略。

公开(公告)号：US20060101282A1

公开(公告)日：2006-05-11

申请号：US10984611

申请日：2004-11-08

申请人： Mihai Costea ,  David Goebel ,  Adrian Marinescu ,  Anil Thomas

发明人： Mihai Costea ,  David Goebel ,  Adrian Marinescu ,  Anil Thomas

IPC分类号： H04L9/32

CPC分类号： G06F21/56

摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.

摘要翻译： 根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。 诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。 当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

公开(公告)号：US20060095971A1

公开(公告)日：2006-05-04

申请号：US10977484

申请日：2004-10-29

申请人： Mihai Costea ,  Scott Field ,  Damodharan Ulagaratchagan

发明人： Mihai Costea ,  Scott Field ,  Damodharan Ulagaratchagan

IPC分类号： H04N7/16

CPC分类号： G06F21/56 ,  G06F21/562

摘要： A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.

摘要翻译： 呈现有效地确定所接收的文件不是恶意软件的系统和方法。 在操作中，当在计算设备处接收到文件时，评估文件是否包括用户可修改或表面的数据区域，即文件的区域，其性质通常不携带或嵌入恶意软件 。 如果文件包括表面数据区域，那些表面数据区域被过滤掉，并且基于接收到的文件的剩余部分生成文件签名。 然后，该文件可以与已知恶意软件的列表进行比较，以确定该文件是否是恶意软件。 或者，可以将文件与已知的可信文件的列表进行比较，以确定文件是否可信。

公开(公告)号：US20060070130A1

公开(公告)日：2006-03-30

申请号：US10951173

申请日：2004-09-27

申请人： Mihai Costea ,  David Aucsmith

发明人： Mihai Costea ,  David Aucsmith

IPC分类号： G06F12/14

CPC分类号： H04L63/1441 ,  G06F21/552 ,  H04L63/1416 ,  H04L2463/146

摘要： The present invention provides a system and method of tracing the spread of computer malware in a communication network. One aspect of the present invention is a method that traces the spread of computer malware in a communication network. When suspicious data characteristic of malware is identified in a computing device connected to the communication network, the method causes data that describes the state of the computing device to be stored in a database. After a specific attack against the communication network is confirmed, computing devices that are infected with the malware are identified. Then, the spread of the malware between computing devices in the communication network is traced back to a source.

摘要翻译： 本发明提供了一种跟踪计算机恶意软件在通信网络中的传播的系统和方法。 本发明的一个方面是跟踪计算机恶意软件在通信网络中的传播的方法。 当在连接到通信网络的计算设备中识别恶意软件的可疑数据特征时，该方法将描述计算设备的状态的数据存储在数据库中。 确定对通信网络的特定攻击后，会识别感染恶意软件的计算设备。 然后，在通信网络中的计算设备之间的恶意软件的扩展被追溯到源。