Using a benevolent worm to assess and correct computer security vulnerabilities

US 20040128530A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for assessing computer security vulnerabilities, the method comprising:

a benevolent worm attempting to copy itself to a computer, in order to assess potential security vulnerabilities of the computer;

at least one copy of the benevolent worm attempting to copy itself to an additional computer, in order to assess potential security vulnerabilities of the additional computer; and

at least one copy of the benevolent worm communicating information concerning at least one security vulnerability of a computer to a benevolent worm controller.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer readable media utilize a benevolent worm (100) to assess computer security vulnerabilities, and to correct computer security vulnerabilities. A benevolent worm (100) attempts (301) to copy itself to a computer (201), in order to assess (303) potential security vulnerabilities of the computer (201). The benevolent worm (100) communicates information (203) concerning at least one security vulnerability of a computer (201) to a benevolent worm controller (205). The benevolent worm (100) can determine (1003) that a computer (201) has at least one security vulnerability which allowed installation of the benevolent worm (100). The benevolent worm (100) can correct (1005) at least one security vulnerability of the computer (201).

56 Citations

View as Search Results

63 Claims

1. A method for assessing computer security vulnerabilities, the method comprising:
- a benevolent worm attempting to copy itself to a computer, in order to assess potential security vulnerabilities of the computer;
  
  at least one copy of the benevolent worm attempting to copy itself to an additional computer, in order to assess potential security vulnerabilities of the additional computer; and
  
  at least one copy of the benevolent worm communicating information concerning at least one security vulnerability of a computer to a benevolent worm controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, the method further comprising:
    - at least one copy of the benevolent worm determining that the benevolent worm has replicated a maximum number of times; and
      
      at least one copy of the benevolent worm not attempting further replication of itself responsive to the determination.
  - 3. The method of claim 1, the method further comprising:
    - at least one copy of the benevolent worm determining that the copy has existed for a set period of time; and
      
      at least copy of the benevolent worm terminating itself responsive to the determination.
  - 4. The method of claim 1 further comprising:
    - at least one copy of the benevolent worm attempting to access resources of a computer; and
      
      at least one copy of the benevolent worm communicating information concerning at least one attempt to access resources of a computer to a benevolent worm controller.
  - 5. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - attempting to write to a file system.
  - 6. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - attempting to acquire super-user privileges.
  - 7. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - attempting to access a connected computer.
  - 8. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - checking for the existence of a known security vulnerability.
  - 9. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - checking for the installation of known anti-virus software.
  - 10. The method of claim 1, further comprising:
    - at least one copy of the benevolent worm receiving an instruction from the benevolent worm controller.
  - 11. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to stop replicating.
  - 12. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to self-terminate.
  - 13. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to attempt to infect a specific computer.
  - 14. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction not to attempt to infect a specific computer.
  - 15. The method of claim 1 further comprising:
    - the benevolent worm attempting to infect only those computers with specific network addresses.
  - 16. The method of claim 1 further comprising:
    - the benevolent worm not attempting to infect computers with specific network addresses.
  - 17. The method of claim 1 further comprising:
    - the benevolent worm attempting to infect only those computers running a specific operating system.
  - 18. The method of claim 1 further comprising:
    - the benevolent worm not attempting to infect computers running a specific operating system.
  - 19. The method of claim 1, further comprising:
    - a copy of the benevolent worm determining that it has not received a communication from the benevolent worm controller for a length of time; and
      
      a copy of the benevolent worm sending a signal to the benevolent worm controller responsive to the determination.
  - 20. The method of claim 19, further comprising:
    - a copy of the benevolent worm terminating itself, responsive to not receiving an acknowledgement from the benevolent worm controller.
  - 21. The method of claim 1, further comprising:
    - a copy of the benevolent worm determining that a computer has already been infected with the benevolent worm; and
      
      a copy of the benevolent worm not attempting to copy itself to the computer, responsive to the determination.
  - 22. The method of claim 1, further comprising:
    - a copy of the benevolent worm determining that anti-virus software is installed on a computer; and
      
      a copy of the benevolent worm not attempting to copy itself to the computer, responsive to the determination.

23. A computer readable medium containing a computer program product for assessing computer security vulnerabilities, the computer program product comprising:
- program code for attempting to copy the computer program product to remote computers on a network;
  
  program code for assessing potential security vulnerabilities of computers on the network; and
  
  program code for communicating, to a benevolent worm controller, information concerning security vulnerabilities of computers on the network.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 24. The computer program product of claim 23 further comprising:
    - program code for determining that the computer program product has replicated a maximum number of times; and
      
      program code for not attempting further replication of the computer program product, responsive to such a determination.
  - 25. The computer program product of claim 23 further comprising:
    - program code for determining that the computer program product has existed for a set period of time; and
      
      program code for terminating the computer program product, responsive to such a determination.
  - 26. The computer program product of claim 23 further comprising:
    - program code for attempting to access resources of a computer on which the computer program product resides; and
      
      program code for communicating, to a benevolent worm controller, information concerning at least one attempt to access resources of a computer.
  - 27. The computer program product of claim 26, wherein the program code for attempting to access resources further comprises:
    - program code for attempting to write to a file system.
  - 28. The computer program product of claim 26, wherein the program code for attempting to access resources further comprises:
    - program code for attempting to acquire super-user privileges.
  - 29. The computer program product of claim 26, wherein the program code for attempting to access resources further comprises:
    - program code for attempting to access a connected computer.
  - 30. The computer program product of claim 26, wherein the program code for attempting to access resources further comprises:
    - program code for checking for the existence of a known security vulnerability.
  - 31. The computer program product of claim 26, wherein the program code for attempting to access resources further comprises:
    - program code for checking for the installation of known anti-virus software.
  - 32. The computer program product of claim 23 further comprising:
    - program code for receiving an instruction from the benevolent worm controller.
  - 33. The computer program product of claim 32, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to stop replicating.
  - 34. The computer program product of claim 32, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to self-terminate.
  - 35. The computer program product of claim 32, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to attempt to infect a specific computer.
  - 36. The computer program product of claim 32, wherein:
    - the instruction from the benevolent worm controller comprises an instruction not to attempt to infect a specific computer.
  - 37. The computer program product of claim 23 further comprising:
    - program code for attempting to copy the computer program product only to those computers with specific network addresses.
  - 38. The computer program product of claim 23 further comprising:
    - program code for not attempting to copy the computer program product to computers with specific network addresses.
  - 39. The computer program product of claim 23 further comprising:
    - program code for attempting to copy the computer program product only to those computers running a specific operating system.
  - 40. The computer program product of claim 23 further comprising:
    - program code for not attempting to copy the computer program product to computers running a specific operating system.
  - 41. The computer program product of claim 23 further comprising:
    - program code for determining that the computer program product has not received a communication from the benevolent worm controller for a length of time; and
      
      program code for sending a signal to the benevolent worm controller responsive to such a determination, the signal indicating current status of the computer program product.
  - 42. The computer program product of claim 41 further comprising:
    - program code for terminating the computer program product, responsive to not receiving an acknowledgement from the benevolent worm controller.
  - 43. The computer program product of claim 23 further comprising:
    - program code for determining that the computer program product has already been installed on a computer; and
      
      program code for not attempting to copy the computer program product to the computer, responsive to such a determination.
  - 44. The computer program product of claim 23 further comprising:
    - program code for determining that anti-virus software is installed on the computer; and
      
      program code for not attempting to copy the computer program product to a computer, responsive to such a determination.

45. A method for correcting detected computer security vulnerabilities, the method comprising:
- installing a benevolent worm on a computer;
  
  the benevolent worm determining that the computer has at least one security vulnerability which allowed installation of the benevolent worm; and
  
  correcting at least one security vulnerability of the computer.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 46. The method of claim 45 wherein:
    - the step of determining that the computer has at least one security vulnerability further comprises determining that no anti-virus software is installed on the computer; and
      
      wherein the method further comprises;
      
      installing anti-virus software on the computer.
  - 47. The method of claim 46 wherein the step of installing anti-virus software on the computer further comprises:
    - sending a request for anti-virus software to a benevolent worm controller;
      
      receiving anti-virus software from the benevolent worm controller.
  - 48. The method of claim 46 further comprising:
    - the benevolent worm executing the anti-virus software; and
      
      the anti-virus software removing the benevolent worm from the computer.
  - 49. The method of claim 45 wherein:
    - the step of determining that the computer has at least one security vulnerability further comprises determining that non-current anti-virus software is installed on the computer; and
      
      wherein the method further comprises;
      
      updating the anti-virus software on the computer.
  - 50. The method of claim 49 wherein the step of updating the anti-virus software on the computer further comprises:
    - sending a request for an update to the anti-virus software to a benevolent worm controller; and
      
      receiving an update to the anti-virus software from the benevolent worm controller.
  - 51. The method of claim 49 further comprising:
    - the benevolent worm executing the updated anti-virus software; and
      
      the updated anti-virus software removing the benevolent worm from the computer.
  - 52. The method of claim 45 wherein:
    - the step of determining that the computer has at least one security vulnerability further comprises determining that the computer lacks a firewall; and
      
      wherein the method further comprises;
      
      installing a firewall on the computer.
  - 53. The method of claim 45 wherein:
    - the step of determining that the computer has at least one security vulnerability further comprises determining that a non-current firewall is installed on the computer; and
      
      wherein the method further comprises;
      
      updating the firewall on the computer.
  - 54. The method of claim 45 wherein:
    - the step of correcting at least one security vulnerability of the computer further comprises installing a software patch on the computer.
  - 55. The method of claim 45 wherein:
    - the step of correcting at least one security vulnerability of the computer further comprises modifying configuration information of the computer.
  - 56. The method of claim 45 wherein:
    - the step of correcting at least one security vulnerability of the computer further comprises;
      
      sending a request to a benevolent worm controller; and
      
      receiving a correction for at least one security vulnerability from the benevolent worm controller.

57. A method for informing a user of computer security vulnerabilities, the method comprising:
- installing a benevolent worm on a computer;
  
  the benevolent worm determining that the computer has at least one security vulnerability which allowed installation of the benevolent worm; and
  
  outputting information to a user concerning at least one security vulnerability of the computer.
- View Dependent Claims (58)
- - 58. The method of claim 57 wherein:
    - the step of outputting information to a user concerning at least one security vulnerability of the computer is performed in response to the benevolent worm unsuccessfully attempting to communicate with a benevolent worm controller.

59. A computer readable medium containing a computer program product for correcting detected computer security vulnerabilities, the computer program product comprising:
- program code for installing the computer program product on a computer;
  
  program code for determining that the computer has at least one security vulnerability which allowed installation of the computer program product; and
  
  program code for correcting at least one security vulnerability of the computer.

60. A computer readable medium containing a computer program product for informing a user of computer security vulnerabilities, the computer program product comprising:
- program code for installing the computer program product on a computer;
  
  program code for determining that the computer has at least one security vulnerability which allowed installation of the computer program product; and
  
  program code for outputting information to a user concerning at least one security vulnerability of the computer.

61. A system for assessing computer security vulnerabilities, the system comprising:
- means for attempting to copy a benevolent worm to remote computers on a network;
  
  means for assessing potential security vulnerabilities of computers on the network; and
  
  means for communicating, to a benevolent worm controller, information concerning security vulnerabilities of computers on the network.

62. A system for correcting detected computer security vulnerabilities, the system comprising:
- means for installing a benevolent worm on a computer;
  
  means for a benevolent worm determining that the computer has at least one security vulnerability which allowed installation of the benevolent worm; and
  
  means for correcting at least one security vulnerability of the computer.

63. A system for informing a user of computer security vulnerabilities, the system comprising:
- means for installing a benevolent worm on a computer;
  
  means for the benevolent worm determining that the computer has at least one security vulnerability which allowed installation of the benevolent worm; and
  
  means for outputting information to a user concerning at least one security vulnerability of the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Isenberg, Henri J.

Granted Patent

US 7,296,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Using a benevolent worm to assess and correct computer security vulnerabilities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Using a benevolent worm to assess and correct computer security vulnerabilities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links