1. Field of the Invention
This invention pertains in general to computer security, and more specifically, to identifying infected machines in the presence of communications-blocking malware.
2. Description of Related Art
Modern computer systems are often susceptible to a number of different problems, which are exacerbated by the increasing complexity of such systems. One such problem relates to system security. There exists a wide variety of security threats posed by malicious software such as viruses, worms, Trojan horses, and the like—collectively referred to as “malware”—that secretly performs operations not desired by the computer user. Such operations include theft of important data (e.g., financial records), modification or destruction of system or user files, execution of “backdoor” programs, and the like. The automated identification of host systems infected by malware is desirable, and this is particularly so for enterprises having a large number of computer systems, for which manual examination of every system is infeasible. Such automated identification typically relies on an infected host to recognize its infection and to report the infection to some other system, such as a security server, Administrator Console, or the like, from which some form of aid can be expected.
However, one possible action of malware is to interrupt communications from an infected host system to other systems, such as those having uniform resource locators (URLs) or internet protocol (IP) addresses on a list of common anti-malware security providers. Thus, without the ability of the host to advertise the fact that it is infected with malware, it becomes considerably more difficult to identify hosts requiring attention.