Viruses, worms, and trojan horses are malicious programs that can cause damage to computers and information on computer systems, slow down the Internet, and use infected computers to spread themselves to acquaintances, co-workers, and other computers on the World Wide Web. A virus is a piece of computer code that attaches itself to a host program or file so it can spread from computer to computer, infecting as it travels. Viruses can damage software, hardware, and/or data.
A particular subclass of viruses called a worm is designed to copy itself from one computer to another, but it does so automatically by taking control of features on the computer that can transport files or information. Once a worm is present in the system, it generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A significant danger of worms is their ability to replicate in great volume. For example, a worm could send out copies of itself to everyone listed in a user's e-mail address book, and these recipient computers would then do the same, causing a domino effect of heavy network traffic that would slow down business networks and the Internet as a whole. When new worms are unleashed, they can spread very quickly, clogging networks and consuming memory or network bandwidth, thus causing a computer to stop responding and possibly making users wait twice as long, or even longer, to view Web pages on the Internet. Because worms do not necessarily travel via a host program or file, they can also tunnel into the affected system and allow a third party to take control of the system remotely. Additionally, some worms have been designed to cause the infected hosts to launch SYN attacks, a form of Denial of Service attack, on a web server at the same time. Recent examples of worms include the Sasser worm and the Blaster worm.
A trojan horse is a computer program that appears to be useful software but instead compromises system security and causes damage. For example, a recent trojan horse came in the form of an e-mail that included attachments claiming to be security updates from Microsoft Corporation of Redmond, Wash., but turned out to be viruses that attempted to disable antivirus and firewall software. Trojan horses spread when users are lured into opening a program because they think it comes from a legitimate source. Trojan horses can also be included in software that is downloaded by a user.
Virtually all viruses and many worms cannot spread unless a user opens or runs an infected program. Many of the most dangerous viruses have been primarily spread through e-mail attachments—the files that are sent along with an e-mail message. Photos, textual documents, and even spreadsheets are just some of the file types that might be received through e-mail. The virus is launched when the user opens the file attachment, usually by double-clicking the attachment icon. As a result, many organizations and individuals have adopted policies of deleting e-mail containing attachments received from unfamiliar parties. Unfortunately, such a policy no longer ensures that a user can safely open attachments from people he or she knows, as viruses and worms have demonstrated the ability to access information in e-mail programs and send themselves to everyone listed in a user's address book. While less common, other viruses can spread through programs downloaded from the Internet or from virus-ridden removable storage media.
Installing up-to-date antivirus software on a computer is by far the most prevalent way to identify and remove viruses. Unfortunately, virus cleansing and repair remains a reactive process whereby the necessary virus definition files are distributed upon identification of the virus “in the wild.” Time is therefore of the essence in distributing the virus definition files to stanch the spread of the virus. The virus definition development life-cycle is typically characterized as a very short “ship cycle.” As soon as a new antivirus definition file is available, it is shipped and made available for download to the antivirus subscribers. The frequency of such updates to antivirus programs is quite high. When a new virus is first identified, the virus definition distribution servers can become overloaded with requests or could even be made unavailable (e.g., through a Denial of Service attack or some similar nefarious method) as part of the scheme to further propagate the spread of the virus.
Accordingly, a need exists for a method or program that is able to slow the propagation of viruses across networks once a system has been infected, and, preferably, without the need of an updated virus definition file for an antivirus program, or any third party antivirus software for that matter. The invention provides such a method. These and other advantages of the invention, as well as additional inventive features, will be apparent from the description of the invention provided herein.