Malicious programs such as those known as viruses and worms can be attached to a file and spread through the Internet. One recent trend is that a virus is spread through an email system as an attachment, and when the user executes the attachment (by performing a double-click operation), the virus is activated and then performs abnormal operations and/or causes side effects to the user data/program that may result in unrecoverable data loss.
There are several known techniques to share files among users. For example, email or web downloads, Peer-2-Peer (P2P) and File Transfer Protocol (FTP) are well known mechanisms to exchange files among business users and consumers. In general, when the user downloads files, the user expects that the program is trusted and well behaved. However, the inventor is not aware of any mechanism that currently exists to enable one to track the source of a file. An attacker may exploit this behavior and create a malicious program such as a virus. As the user has no knowledge of the actual source of the file that contains the virus, after the virus program is downloaded it is executed on the user's machine, and may create undesirable side effects resulting in financial loss for the user.
The problem that arises because of the lack of source verification is not restricted to file sharing. The Internet uses the Internet Protocol (IP), which suffers from the same problems, and the anonymous nature of IP may be exploited by an attacker to generate denial of service (DoS) attacks. Any node can masquerade and generate an IP packet to another node.
Email applications typically use the Simple Mail Transfer Protocol (SMTP). SMTP inherits the properties of IP and suffers from the same problems, that is, anyone can send email spam to a valid address by inserting a non-existent or some other email address as the source of the email.
Source validation and source tracking are fundamental problems that persist today in the Internet, and also in file system space. As attacks grow more sophisticated, these fundamental problems need to be resolved.
For example, as mobile terminals, such as cellular telephones, become multi-functional and support functions such as PDA, voice service, email, P2P and gaming, it can be expected that attacks on mobile terminals can be launched in a similar manner as attacks on traditional fixed network components and nodes. The impact on mobile terminals may be, however, more severe, because the mobile terminal typically runs in a constrained environment with limited computing power and other resources. When a virus or other malicious program is activated it may attempt to consume additional resources, and can cause a drain on battery power. Further, since many mobile terminals are not true multitasking devices, and don't have a clear separation of kernel and user space, a virus might exploit this architecture to cause the operating program to malfunction.
The problem is to restrict the spread of viruses. In general, if a program misbehaves by creating an undesirable or an unexpected side effect, the user should be able to track the source of the program. For example, assume that a mobile terminal user (say A) downloads a program from another mobile terminal user (say B), or from an operator host web server (say C). If the mobile terminal user B's system, or the operator host web server, is compromised by a virus, then after downloading the malicious program the terminal of user A can be compromised. It would be desirable in this case to determine the actual source of the file.
The existing anti-virus software and other mechanisms for dealing with malicious programs are not adequate for solving the problem of determining the actual source of a program, such as a malicious program.