Virus epidemic damage control system and method for network environment

US 7,062,553 B2
Filed: 07/22/2002
Issued: 06/13/2006
Est. Priority Date: 12/04/2001
Status: Active Grant

First Claim

Patent Images

1. A method of detecting a malicious computer program in a computer network having a plurality of network nodes, the method comprising:

identifying a first file having a first content that has been modified within a predetermined time interval;

identifying a second file having a second content that has been modified within the predetermined time interval;

determining whether the first content and the second content are substantially identical;

if the first content and the second content are substantially identical, notifying a computer network server that a malicious computer program is present in the computer network; and

if the first content and the second content are not substantially identical, continuing normal operation of the computer network wherein the first file is on a first network node and the second file is on a second network node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing damage control caused by a virus epidemic in a network environment are advantageously provided according to the intention. The system according to a preferred embedment of the invention effectively and rapidly distributes antivirus protection and cure measures within the network so as to reduce the level of damage during the virus epidemic. The method according to the invention contains the spread of a computer virus in a network system by detecting the traffic flow and analyzing the identical sections in files modified in a short time period. The network system accordingly includes a management server, a management information database (MIB) having a plurality of tasks for performing work in the network system, and a plurality of device node. Each network task corresponds to an event occurring in the system. Damage control caused by a virus epidemic in a network environment is controlled and level of damage is accordingly reduced.

51 Citations

View as Search Results

10 Claims

1. A method of detecting a malicious computer program in a computer network having a plurality of network nodes, the method comprising:
- identifying a first file having a first content that has been modified within a predetermined time interval;
  
  identifying a second file having a second content that has been modified within the predetermined time interval;
  
  determining whether the first content and the second content are substantially identical;
  
  if the first content and the second content are substantially identical, notifying a computer network server that a malicious computer program is present in the computer network; and
  
  if the first content and the second content are not substantially identical, continuing normal operation of the computer network wherein the first file is on a first network node and the second file is on a second network node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as rccited in claim 1 further comprising:
    - identifying a critical number of files, each file having a content that has been modified within the predetermined time interval; and
      
      determining whether the content in each of the critical number of files are substantially identical to one another.
  - 3. A method as recited in claim 2 further comprising:
    - if the content in each of the critical number of files are substantially identical to one another, notifying a computer network server that a malicious computer program is present in the computer network.
  - 4. A method as recited in claim 2 wherein the critical number of files is distributed over a plurality of network nodes.
  - 5. A method as recited in claim 1 wherein the computer network server executes a process of eliminating the malicious computer program.
  - 6. A method as recited in claim 5 farther comprising transmitting a curative computer program to the computer network.
  - 7. A method as recited in claim 1 wherein notifying a computer network server further comprises excluding a network area containing one or more network nodes storing the first content and the second content from normal network operation.
  - 8. A method as recited in claim 1 wherein notifying a computer network server further comprises designating a task leader for executing work normally executed by the computer network server, such that the server is not overloaded with curative and prevention functions if a malicious computer program is present.
  - 9. A method as recited in claim 1 wherein the computer network is a network of subscriber devices including mobile phones and portable communication devices.
  - 10. A method as recited in claim 1 wherein the computer network is a wireless communication system and the plurality of network nodes includes mobile phones, hand-held portable devices, and IP-enabled devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Liang, Yung Chang
Primary Examiner(s)
Lin, Wen-Tai

Application Number

US10/199,078
Publication Number

US 20030115483A1
Time in Patent Office

1,422 Days
Field of Search

709/224, 709/223, 709/246, 713/201, 713/200, 714/28, 714/38
US Class Current

709/224
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/145 the attack involving the pr...

Virus epidemic damage control system and method for network environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Virus epidemic damage control system and method for network environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links