1. Field of the Invention
Embodiments of the present invention generally relate to computer system security and, more particularly, to a method and apparatus for monitoring a computer system to detect self-propagating malicious software.
2. Description of the Related Art
Malicious software programs (e.g., viruses, Trojans, and the like) are designed to disrupt normal activities within a computing environment for a large organization. For example, the malicious software programs corrupt mission-critical data and/or render one or more computer hardware devices unusable. As a result, the large organization experiences a substantial loss in productivity. Furthermore, a significant amount of time and money is spent to recover any lost data. Accordingly, the malicious software programs threaten the potential growth of the large organization and affect the usability of the computing environment.
Viruses are a common form of malicious software program. Generally, a virus is an unauthorized block of an executable program (or some unit of code, e.g., instructions to which the computer responds, such as a code block, code element or code segment) that may be attached to other programs and/or files. Sometimes, the virus is received through a file attached to an email, an Instant Message (IM) and/or a similar message exchanged through communication software. Once executed, viruses spread quickly by attaching themselves to various resources and infecting computer programs. Further, viruses self-propagate by sending copies of themselves to each of the contacts in an address book.
The number of new viruses and variants of existing viruses is increasing at such a high pace that it has become difficult for existing anti-virus systems to keep up with the release of new viruses. There is a very small window of opportunity to respond to a new virus. Furthermore, conventional techniques of virus detection are unable to quickly recognize new viruses. As a result, the viruses cause unrecoverable damage to the computing environment.
Accordingly, there is a need in the art for an efficient method and apparatus for monitoring a computer system to detect and prevent new self-propagating viruses.