Networked computers are vulnerable to malicious computer code attacks, such as worms, viruses and Trojan horses. As used herein, “malicious computer code” is any code that enters a computer without an authorized user's knowledge and/or without an authorized user's consent.
Malicious mobile executable files comprise a major security threat. Mobile executable files are typically unsigned: they carry no digital signature, so the identity of their author(s) is unknown, and they should be suspected of being potentially malicious. For example, worms are often spread as a form of malicious mobile executable file.
Malicious mobile executable files such as worms often utilize open shares to spread themselves within networks. However, legitimate code can also be copied within a network this way. Being able to track mobile executable files within networks is advantageous both in determining whether the code is malicious and in blocking and eliminating detected malicious mobile code.
To determine whether a mobile file is malicious, and how to eliminate threats from detected malicious mobile files, it would be helpful to know the answers to questions such as:
What is the identity of the user who first introduced the file into the network?
From which computer did the file originate?
When did the file originate?
Onto which other computers has the file been copied?
What route has the file taken, over what time period?
Is there a known malicious code signature associated with the file?
Is that signature available on any of the computers on which the file is installed?
There is no mechanism within Microsoft Windows® or other operating systems to automatically determine or track such information as a mobile file moves around a network. What is needed are methods, systems and computer readable media for tracking mobile files in real-time as they move throughout a network via open shares.
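The following is an added illustration, not code from the original text, of how the questions listed above could be answered from a log of file-copy events. The event fields, host names, user names, digests and the `track` function are all constructed assumptions; the text does not specify a record format or a method.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CopyEvent:
    ts: int       # epoch seconds when the file was written
    user: str     # account that performed the write
    src: str      # computer the file was copied from
    dst: str      # computer whose open share received the file
    digest: str   # content hash identifying the file

# Constructed sample data (hypothetical hosts, users and digests).
EVENTS = [
    CopyEvent(1700000300, "svc-backup", "WS-02", "WS-07", "aa11"),
    CopyEvent(1700000000, "jdoe", "WS-01", "WS-01", "aa11"),  # first appearance
    CopyEvent(1700000120, "jdoe", "WS-01", "WS-02", "aa11"),
    CopyEvent(1700000200, "asmith", "WS-05", "WS-06", "bb22"),
]
KNOWN_BAD = {"aa11"}                  # digests with a known malicious-code signature
SIGNATURE_HOSTS = {"WS-01", "WS-07"}  # hosts whose scanner holds that signature

def track(events, digest, known_bad=KNOWN_BAD, sig_hosts=SIGNATURE_HOSTS):
    """Answer the provenance questions for one file, identified by digest."""
    hops = sorted((e for e in events if e.digest == digest), key=lambda e: e.ts)
    if not hops:
        return None  # file never observed on the network
    first = hops[0]
    holders = []     # every host that has held the file, in order of appearance
    for e in hops:
        for host in (e.src, e.dst):
            if host not in holders:
                holders.append(host)
    known = digest in known_bad
    return {
        "introduced_by": first.user,
        "origin_host": first.src,
        "first_seen": first.ts,
        "copied_to": [h for h in holders if h != first.src],
        "route": [(e.ts, e.src, e.dst) for e in hops],
        "elapsed_seconds": hops[-1].ts - first.ts,
        "known_signature": known,
        # Hosts that hold the file but cannot detect it with the known signature.
        "hosts_missing_signature":
            [h for h in holders if h not in sig_hosts] if known else [],
    }
```
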