1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and apparatus for distributing malicious code patterns.
2. Description of the Background Art
Computer viruses, worms, Trojans, rootkits, and spyware are examples of malicious codes that have plagued computer systems throughout the world. Malicious codes, which are also collectively referred to simply as “viruses,” may be detected using antivirus techniques implemented in software, hardware, or a combination of hardware and software. An antivirus may employ a scan engine and malicious code patterns. To scan data for malicious codes, the scan engine compares the content of the data to the malicious code patterns using a pattern matching algorithm. The data is deemed infected if a match is found. In that case, various cleaning steps may be performed to prevent the malicious code from proliferating including quarantine, disinfection, removal, alerting the user or administrator, and so on.
Malicious code patterns are periodically updated to include the latest information on known malicious codes. Malicious code pattern updates may be performed by FTP (file transfer protocol) or HTTP (hypertext transfer protocol). Although effective and may be used in conjunction with embodiments of the present invention, pattern update by FTP or HTTP requires special infrastructure and involves considerable cost on the part of the computer security vendor providing the antivirus. This increases the cost of the antivirus, which is passed on to the consumer. What is needed is a low cost and reliable pattern update service.