US 7,543,055 B2
Service provider based network threat prevention
Richard T. Kohn, Orlando, Fla. (US)
Assigned to Earthlink, Atlanta, Ga. (US)
Filed on Jun. 20, 2006, as Appl. No. 11/425,229.
Prior Publication US 2007/0294391 A1, Dec. 20, 2007
Int. Cl. G06F 15/173 (2006.01)
U.S. Cl. 709—224 [726/2; 713/155]
20 Claims

1. A method for identifying a network threat, comprising:

assembling a set of names of files responsible for proliferating a network threat and a set of names of files previously identified as not responsible for proliferating a network threat;

inserting a network traffic monitor within a network service provider's infrastructure, the network traffic monitor configured to identify a first domain responsible for presently communicating at least one file from the set of names of files responsible for proliferating a network threat;

searching the first domain for files not associated with either of the set of names of files responsible for proliferating a network threat and the set of names of files previously identified as not responsible for proliferating a network threat;

analyzing the content of the files not associated with either of the set of names of files responsible for proliferating a network threat and the set of names of files previously identified as not responsible for proliferating a network threat; and

adding a file name to one of the set of names of files responsible for proliferating a network threat and the set of names of files previously identified as not responsible for proliferating a network threat responsive to the step of analyzing.
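The control flow of claim 1, sketched as an added example that is not taken from the patent: the function names, the in-memory traffic and listing structures, and the marker-based `demo_analyzer` are assumptions, since the claim does not say how content is analyzed. All sample data is constructed.

```python
# Added illustration of claim 1's steps; every name and value here is constructed.

def find_threat_domain(traffic, threat_names):
    """Monitor step: first domain seen transferring a file named on the threat list."""
    for domain, file_name in traffic:
        if file_name.lower() in threat_names:
            return domain
    return None

def unknown_files(listing, threat_names, benign_names):
    """Search step: files on the domain whose names are in neither set."""
    return {name: content for name, content in listing.items()
            if name.lower() not in threat_names and name.lower() not in benign_names}

def update_sets(traffic, listings, threat_names, benign_names, is_malicious):
    """Run the steps once; returns (domain, {file name: verdict}) for newly classified files."""
    domain = find_threat_domain(traffic, threat_names)
    if domain is None:
        return None, {}
    verdicts = {}
    candidates = unknown_files(listings.get(domain, {}), threat_names, benign_names)
    for name, content in candidates.items():
        bad = is_malicious(content)  # analysis step; the method used is an assumption
        # Adding step: the name goes into exactly one of the two sets.
        (threat_names if bad else benign_names).add(name.lower())
        verdicts[name] = "threat" if bad else "benign"
    return domain, verdicts

# Constructed sample data (hypothetical file names, reserved example domains).
THREAT = {"invoice_viewer.exe"}
BENIGN = {"index.html"}
TRAFFIC = [("files.example.org", "index.html"),
           ("dl.example.net", "invoice_viewer.exe")]
LISTINGS = {"dl.example.net": {
    "invoice_viewer.exe": b"MARKER-A",
    "index.html": b"<html>",
    "update_helper.exe": b"xxMARKER-Axx",
    "readme.txt": b"plain text",
}}

def demo_analyzer(content):
    """Stand-in for content analysis: flags a constructed byte marker."""
    return b"MARKER-A" in content

if __name__ == "__main__":
    print(update_sets(TRAFFIC, LISTINGS, set(THREAT), set(BENIGN), demo_analyzer))
```

Because each analyzed name lands in one of the two sets, a second pass over the same domain finds no unclassified files.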