1. Field of the Invention
The present invention relates generally to network security. More particularly, the present invention relates to malware attack prevention.
2. Background Art
Presently, malicious software (i.e., malware), can attack various devices via a network. For example, malware may include any program or file that is harmful to a computer user, such as computer viruses, worms, Trojan horses, spyware, or any programming that gathers information about a computer user without permission. Various processes and devices have been employed to prevent the problems that malware can cause.
For example, client devices often include malware scanning software that scans a particular client device for malware. The scanning may be performed based on a schedule specified by a user associated with the particular device, by a system administrator, and so forth. Unfortunately, by the time the malware is detected by the scanning software, some damage on the particular client device may have already occurred.
Another option for preventing malware is a honey pot. A honey pot is a computer system on the Internet that is expressly set up to attract and “trap” a user that attempts to penetrate other users' computer systems. The user can include a hacker, a cracker, or a script kiddy. The honey pot records the activities of the user invading the other users' computer systems. Disadvantageously, as the honey pot is being invaded, so too are other users' computer systems on the same network. Thus, other users' computer systems may be harmed while the honey pot determines the nature of the malware invading the honey pot's own computer system.
One disadvantage of the “honey pot” approach is the passive nature of the trap. Generally, honey pots comprise a static IP address. The user of the honey pot tries to attract attention to make the honey pot an attractive target to hackers, crackers, and script kiddies. The user of the honey pot will also reduce security on the machine as to allow attackers access so as to track the user's attack by recording the attack vector (i.e., vulnerability exploited to attack the honey pot) and the payload (i.e., damage caused by the attack.) Unfortunately, if the attack is aware of the honey pot, the honey pot can easily be avoided by simply not attacking the honey pot's IP address. Further, some attacks include scans for computers and open ports. A honey pot's existence and vulnerability to such a scanning attack may be lost in a list of other potential targets. As such, the honey pot may not be attacked, but rather other computers containing valuable data.