1. Field of the Invention
This invention pertains in general to computer security and in particular to collection of malware samples through detection of unauthorized downloads.
2. Description of the Related Art
Modern computer systems are often susceptible to a number of different problems, problems which are exacerbated by the increasing complexity of computer systems. One such problem relates to system security. There exists a wide variety of security threats posed by malicious software—collectively referred to as “malware”—that secretly performs operations not desired by the computer user. Such operations include theft of important data (e.g. financial records), modification or destruction of system or user files, execution of “backdoor” programs, and downloading of other malicious executable files.
Unfortunately, malware proves difficult to detect. Although signatures may be formulated for a given instance of malware and then distributed to security software packages to aid in malware recognition, there may be a long time period—known as a vulnerability window—between the first executions of a given instance of malware and the distribution of signatures. The first time that a new instance of malware executes, it will not yet be known to be malware and thus no signatures will yet be available for it. Thus, in many cases, the malware will install itself and infect a number of systems before users detect any abnormal system behavior caused by it and submit it to a security software provider (e.g., a provider of anti-malware software solutions) for analysis. By the time that the security provider analyzes the malware, derives signatures used to identify the malware, and makes the signatures available to security software, much harm may already have taken place. It is possible for security software providers to proactively seek new instances of malware for analysis in order to reduce the vulnerability window, but it may prove difficult for security software providers to locate sources of malware distribution.