1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to preventing e-mail propagation of polymorphic malicious code.
2. Description of the Related Art
Malicious code that propagates from one computer to another over a network, e.g., via e-mail, is often referred to as a “worm”. Most worms that spread from one computer to another are spread via e-mail over the Internet.
The most common way to send e-mail over the Internet is the Simple Mail Transfer Protocol (SMTP). SMTP is part of TCP/IP (Transmission Control Protocol/Internet Protocol). SMTP was originally designed to send only e-mail that consists solely of text encoded using the ASCII character set, which is limited. It soon became apparent that computer users wished to send more than plain ASCII characters as e-mail, and so encoding schemes such as Uuencode and MIME were developed. These encoding schemes are capable of encoding any type of file, including a binary graphics file, into ASCII so that it can be sent as an e-mail attachment.
Polymorphic malicious code, such as a polymorphic SMTP mass-mailing worm, changes its virus signature (i.e., binary pattern) every time it replicates. By changing its virus signature, the polymorphic malicious code often avoids detection by anti-virus programs, thus allowing the polymorphic malicious code to spread, e.g., as an e-mail attachment.
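The following added example (not part of the original document) shows, from a scanner's point of view, the two points made above: a binary pattern is not visible in the ASCII-encoded message and must be matched against the decoded attachment, and a pattern taken from one replication does not match a second replication whose bytes differ. The payloads, the signature, the addresses and the function names are constructed, harmless placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless stand-ins for two replications of the same code:
# the bytes differ between them. No real malware bytes are used.
VARIANT_A = bytes([0x01, 0x02, 0xDE, 0xAD, 0xBE, 0xEF, 0x11, 0x22, 0x33, 0x44])
VARIANT_B = bytes([0x01, 0x02, 0x5A, 0x17, 0xC3, 0x08, 0x99, 0xAB, 0x70, 0x61])

# Hypothetical signature: a binary pattern taken from VARIANT_A.
SIGNATURE = bytes([0xDE, 0xAD, 0xBE, 0xEF])


def build_message(payload: bytes) -> bytes:
    """Build a MIME message carrying payload as a base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


def scan_attachments(raw: bytes, signature: bytes) -> list:
    """Return filenames of attachments whose decoded bytes contain signature."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        # decode=True undoes the transfer encoding (base64, quoted-printable,
        # uuencode) so the match runs on the original binary content.
        data = part.get_payload(decode=True)
        if data and signature in data:
            hits.append(part.get_filename())
    return hits


if __name__ == "__main__":
    raw_a = build_message(VARIANT_A)
    raw_b = build_message(VARIANT_B)
    print("pattern in raw ASCII message:", SIGNATURE in raw_a)
    print("variant A hits:", scan_attachments(raw_a, SIGNATURE))
    print("variant B hits:", scan_attachments(raw_b, SIGNATURE))
```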