The Community for Technology Leaders
Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
ISBN: 1-4244-0198-4
pp: 37
C.-T. Huang , Dept. of Comput. Sci.&Eng., South Carolina Univ., Columbia, SC, USA
N.L. Johnson , Dept. of Comput. Sci.&Eng., South Carolina Univ., Columbia, SC, USA
J. Janies , Dept. of Comput. Sci.&Eng., South Carolina Univ., Columbia, SC, USA
ABSTRACT
Capturing an E-mail worm and containing its propagation as early as possible is desirable in order to provide better protection for the networks and hosts against severe damage that may be caused by the worm. In this paper, we propose a new approach that makes use of the propagating nature of E-mail worms. This approach inserts into each client's address book a dummy E-mail address that is not used by any registered user of the local domain, such that we can be confident that any E-mail destined to this dummy E-mail address is generated by an E-mail worm. The captured signatures can then be used to construct a user blacklist and a signature blacklist to contain the propagation of this E-mail worm. We also discuss how E-mail worms can attempt to bypass the dummy E-mail address, and propose countermeasures against these attempts. Our prototype implementation shows that this approach is easily deployable and is effective in containing E-mail worms.
INDEX TERMS
signature blacklist, E-mail worm capturing, propagation, client address book, dummy E-mail address, user blacklist
CITATION
C.-T. Huang, N.L. Johnson, J. Janies, A.X. Liu, "On capturing and containing E-mail worms", Performance, Computing, and Communications Conference, 2002. 21st IEEE International, vol. 00, no. , pp. 37, 2006, doi:10.1109/.2006.1629415
94 ms
(Ver 3.3 (11022016))