With regard to computers and intelligent devices, and particularly devices that operate using Internet Protocol (IP), there unfortunately are situations in which a third party may take over, or otherwise occupy with nefarious purpose, the computer or intelligent device. There are available systems that monitor for such threats of nefarious occupation, and these monitoring systems may detect when a malintended occupation is occurring. However, issues exist with implementing remedies even after determining that an occupation exists. Issues include assessing how best to eliminate the occupation, and deciding how best to alert a user that the nefarious occupation is occurring or has occurred.
One type of malintended occupation is “malware,” which is short for malicious software. Malware is software designed to infiltrate a computer or intelligent device without consent of the user or owner. As used herein, malware includes computer viruses, worms, trojan horses, rootkits, backdoors, spyware, dishonest adware, crimeware and other malicious and unwanted software.
For malware to accomplish its malintended purpose, the malware must not be shut down or deleted by the user of the computer or intelligent device to be occupied. Concealment of the malware allows for an avoidance of deletion, and may in fact improve the chances that the malware will get installed in the first instance. That is, when malware is disguised as being innocuous or desirable, a user may be tempted to install, download, use or otherwise enable the malware.
Particularly common among the aforementioned types of malware are viruses, worms, spyware, trojan horses, and backdoors. Viruses and worms are often defined by the manner in which they spread. The term virus is typically used to define a program that has infected executable software and that may cause that software to spread the virus to other executable software. A worm, on the other hand, is generally defined as a program that actively transmits itself over a network to infect other computers. Viruses and worms may also contain a payload, a term typically used to denote code that performs other actions in addition to those defined immediately above.
Spyware includes programs designed to monitor a user's web browsing, display unsolicited advertisements, and/or redirect affiliate marketing revenues to the spyware creator. Spyware programs are generally installed by exploiting security holes, or may be packaged with user-installed software, such as peer-to-peer applications, for example.
A trojan horse is defined to include any program that invites the user to run it, and that conceals and/or delivers a harmful or malicious payload when run. The payload may take effect immediately and may lead to many undesirable effects, such as deleting the user's files or installing additional malicious or undesirable software.
A “backdoor” includes any means of bypassing normal authentication procedures. Once a system has been compromised (by one of the above methods, or by other known methods), one or more backdoors may be installed in order to allow malicious occupation in the future. Backdoors may also be installed prior to other malware, such as to allow attackers to subsequently enter.
Once malware is installed on a system, concealment, such as to avoid detection and disinfection, is essential, as mentioned hereinabove. The same is true when a human attacker, or “hacker,” occupies a computer directly, with or without use of malware. Also, techniques often referred to as rootkits may allow concealment, such as by modifying the host operating system so that the malware is hidden from the user. For example, rootkits may prevent malware and/or a malicious process from being visible in a process list, or may keep malicious files from being read by the operating system. Additionally, some malware contains routines to defend against removal, including affirmative repelling of removal.
Malware creators may profit from malware by using the infected computers to do work for the creator. In such cases, the infected computers may be used as proxies to send out spam messages, for example. The use by spammers of infected computers may provide anonymity, thereby protecting the spammer from prosecution. For example, spammers have regularly used infected computers to target anti-spam organizations, and/or to distribute denial-of-service attacks.
In order to coordinate the activity of many infected computers, attackers may use malware in the form of coordinating systems known as botnets. In a botnet, a program operating as an agent for a user or another program (a “bot,” short for robot program) logs onto a computer, such as via a chat channel. An attacker may then instruct many or all bot-infected systems simultaneously. For example, botnets have been used to push upgraded malware to infected systems, thereby keeping infected systems resistant to updates, antivirus software and like security measures.
A malware creator may also profit by stealing sensitive information using the malware. For example, a key logger may be installed by or with malware to intercept a user's keystrokes, thereby allowing a nefarious party to obtain passwords, credit card numbers, or other information that may be exploited. Similarly, malware may copy a CD key, or passwords for online games, thus allowing the nefarious party to steal accounts or virtual items, for example.
In short, malware is highly undesirable, and may lead to various difficulties in computer use and operation, including the theft of information or personal credentials. Thus, when a computing device is infected and the infection becomes known, it is imperative that the malware be quarantined, processed and/or removed, preferably immediately and completely. This removal may prevent harm to the computer, data and credentials, and may limit the possibility of spreading the malware to other computing devices on a network that may be connected to the infected computing device.
However, a great impediment in quarantining, processing and removing malware is the need to alert a user of an infected computing device that there is a problem, particularly in the aforementioned case when the malware is concealed. As discussed previously, if an IP-connected device is infected by malware, the malware may also render antivirus or like defense mechanisms ineffective, and further may block notifications advising the user that an infection is present, and/or that the user is in danger of losing data or credentials. Further, such warnings may not only be blocked, but even when valid may be mistaken by the affected user for a spoofed notification from the attacker. Consequently, warnings to an end user that data may be stolen or an identity compromised are often ignored.
A need therefore exists for a secure method, system and device for delivering information and notifications from a trusted party to a user or a networked device.