摘要 |
A system, method and computer program product for email-based worm detection and mitigation are disclosed. The system, method, and computer program product are configured to identify a signature representing content prevalent in email-based network traffic, generate a client list for the identified signature, determine if a number of clients included in the client list exceeds a threshold, and generate a worm signature based on the signature if the number of clients included in the client list exceeds the threshold.
|