Malicious software, such as viruses and worms, has been known to create bot networks, cause spamming, and carry out other destructive activities. A bot, also referred to as a remote-access Trojan program, seeks out and places itself on computers, where it runs silently in the background, thereby allowing the attacker to operate the computer while the owner is unaware. Such computers are generally referred to as zombies, which in the aggregate can be manipulated to cause havoc to communication networks by way of excessive message congestion along with furthering the spread of malicious software to other computers.
Many products have been developed to monitor and remove malicious software. Although these products have proven useful, they have failed to provide a holistic solution for protecting large communication networks and their customers.
A need therefore arises for a method and apparatus for diagnosing and mitigating malicious events in a communication network.