A major problem facing modern computing systems and communications systems is the prevalence of spam and/or scam electronic mail (e-mail). Herein, spam includes any messages, such as, but not limited to, e-mail or instant messages, that are not requested or desired by the intended receiver of the message. Herein, scam electronic mail is a subset of spam e-mail and includes, but is not limited to, a message including: any content that promotes and/or is associated with fraud; any content that promotes and/or is associated with various financial scams; any content that promotes and/or is associated with any criminal activity; and/or any content that promotes and/or is associated with harmful and/or otherwise undesirable content, whether illegal in a given jurisdiction or not.
Another problem facing modern computing systems and communications systems is the prevalence and propagation of malware. Herein, malware includes, but is not limited to, any software and/or code designed to infiltrate a user's computing system without the user's informed and/or explicit consent. Some of the better known forms of malware include computer viruses and spyware.
Malware can be, and often is, distributed/propagated to victim/user computing systems via e-mail and/or other message attachments, i.e., as attachments to spam. Despite this, the mechanisms currently used to detect spam and protect a user computing system from spam, and the data obtained via those mechanisms, are not usually employed to help identify malware and protect a user computing system from malware infection, i.e., currently there is little or no cross-over and/or overlap between spam detection and prevention systems and malware detection and prevention systems.
As an example, one relatively new mechanism used to detect spam is the spam e-mail honeypot, also referred to herein as a “honeypot” or “honeypot system”. A spam e-mail honeypot is typically a decoy e-mail system established on a computing system, such as any computing system discussed herein, and/or known in the art at the time of filing, and/or as developed after the time of filing, to receive a large number of e-mails, and/or other messages, sent to decoy e-mail addresses. Generally, the decoy e-mail addresses do not belong to a genuine person or entity. Consequently, the e-mails received by the honeypot via the decoy e-mail addresses are typically not legitimate e-mails from legitimate senders. As a result, as a first cut, it is assumed that any e-mails sent to the decoy e-mail addresses and received at the spam e-mail honeypot are indeed spam.
In operation, as the spam e-mail honeypot decoy e-mail addresses become known to spammers, more and more spammers typically add the spam e-mail honeypot decoy e-mail addresses to their user/victim e-mail address databases and more and more spam e-mails are sent to the spam e-mail honeypot decoy e-mail addresses. Consequently, spam e-mail honeypots typically receive large numbers of e-mails, of which the vast majority are simple spam. However, typically, a proportion of the e-mails received at the spam e-mail honeypot may be legitimate. Further, typically, a proportion of the e-mails received at the spam e-mail honeypot also contain malware, i.e., are malware-propagating e-mails.
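The honeypot intake described above, shown as an added example that is not part of the original text: mail addressed to a decoy address is presumed spam as a first cut, and any attachments it carries are recorded by hash as candidates for malware scanning. The decoy addresses, the `example.test` domain, the sample messages and the function names are all constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical decoy addresses (constructed; no genuine person owns them).
DECOY_ADDRESSES = {"sales-archive@honeypot.example.test",
                   "j.doe@honeypot.example.test"}

def build_sample(to_addr, subject, attachment=None):
    """Return a constructed sample message as raw bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@mail.example.test"
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

def triage(raw):
    """Classify one message received by the honeypot."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower()
                  for _, addr in getaddresses([str(h) for h in headers])}
    # First-cut assumption from the text: mail to a decoy address is spam.
    to_decoy = bool(recipients & DECOY_ADDRESSES)
    attachments = []
    for part in msg.iter_attachments():  # yields nothing for non-multipart mail
        data = part.get_payload(decode=True) or b""
        attachments.append({"filename": part.get_filename(),
                            "size": len(data),
                            "sha256": hashlib.sha256(data).hexdigest()})
    return {"presumed_spam": to_decoy,
            # Spam that carries an attachment is a candidate malware sample.
            "malware_candidate": to_decoy and bool(attachments),
            "attachments": attachments}

if __name__ == "__main__":
    raw = build_sample("J.Doe@Honeypot.example.test", "Invoice",
                       ("invoice.bin", b"constructed inert bytes"))
    print(triage(raw))
```

Mail that reaches the honeypot without a decoy recipient in its headers is left unclassified here, since the text notes that a proportion of received e-mails may be legitimate.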
Currently, the fact that a proportion of the e-mails received at the spam e-mail honeypot will also contain malware is largely ignored, for two reasons: the proportion of the e-mails received at the spam e-mail honeypot that also contain malware is typically quite small, and the profile of the particular malware strains and variants received by a spam e-mail honeypot is likely to be different from that received in a non-spam e-mail honeypot environment, i.e., received in a real e-mail system environment. As a result, despite the significant number of malware-containing e-mails that are currently received by some spam e-mail honeypots, data and e-mails received by spam e-mail honeypots are currently not being used as a source of data to improve detection rates of malware-containing e-mails and to better protect user computing systems. Consequently, numerous user computing systems continue to be infected by viruses and other malware distributed via e-mail. Clearly, this is a far from ideal situation for the victims, but it is also a problem for all users of e-mail, who must suffer the delays of false-positive malware results and/or must be wary of all e-mails, even those of legitimate origin and intent.