| 摘要 |
Outbound communication from a computer is monitored, and requests to access remote links are identified. This process identifies attempts by users to access links provided by third parties in emails and such, as well other attempts by users to access remote domains. Domains in the identified requests are profiled, by testing them for properties associated with known legitimate domains, and for properties associated with known fraudulent domains. A trustworthiness score for a domain is calculated based on the results of the profiling. The trustworthiness score is compared to a predetermined threshold, and from the results it is determined whether or not the domain is legitimate. If the domain is fraudulent, appropriate action is taken, such as blocking the attempt to access the domain. |
