Using a benevolent worm to assess and correct computer security vulnerabilities

US 7,296,293 B2
Filed: 12/31/2002
Issued: 11/13/2007
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for assessing computer security vulnerabilities, the method comprising:

a benevolent worm attempting to copy itself to a computer, in order to assess potential security vulnerabilities of the computer;

the benevolent worm attempting to copy itself to an additional computer, in order to assess potential security vulnerabilities of the additional computer;

the benevolent worm communicating information concerning at least one security vulnerability of the computer to a benevolent worm controller;

the benevolent worm determining that it has not received a communication from the benevolent worm controller for a length of time;

the benevolent worm sending a signal to the benevolent worm controller responsive to the determination; and

the benevolent worm terminating itself, responsive to not receiving an acknowledgement from the benevolent worm controller.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer readable media utilize a benevolent worm (100) to assess computer security vulnerabilities, and to correct computer security vulnerabilities. A benevolent worm (100) attempts (301) to copy itself to a computer (201), in order to assess (303) potential security vulnerabilities of the computer (201). The benevolent worm (100) communicates information (203) concerning at least one security vulnerability of a computer (201) to a benevolent worm controller (205). The benevolent worm (100) can determine (1003) that a computer (201) has at least one security vulnerability which allowed installation of the benevolent worm (100). The benevolent worm (100) can correct (1005) at least one security vulnerability of the computer (201).

103 Citations

View as Search Results

41 Claims

1. A method for assessing computer security vulnerabilities, the method comprising:
- a benevolent worm attempting to copy itself to a computer, in order to assess potential security vulnerabilities of the computer;
  
  the benevolent worm attempting to copy itself to an additional computer, in order to assess potential security vulnerabilities of the additional computer;
  
  the benevolent worm communicating information concerning at least one security vulnerability of the computer to a benevolent worm controller;
  
  the benevolent worm determining that it has not received a communication from the benevolent worm controller for a length of time;
  
  the benevolent worm sending a signal to the benevolent worm controller responsive to the determination; and
  
  the benevolent worm terminating itself, responsive to not receiving an acknowledgement from the benevolent worm controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, the method further comprising:
    - the benevolent worm determining that the benevolent worm has replicated a maximum number of times; and
      
      the benevolent worm not attempting further replication of itself responsive to the determination.
  - 3. The method of claim 1, the method further comprising:
    - the benevolent worm determining that the copy has existed for a set period of time; and
      
      the benevolent worm terminating itself responsive to the determination.
  - 4. The method of claim 1 further comprising:
    - the benevolent worm attempting to access resources of a computer; and
      
      the benevolent worm communicating information concerning at least one attempt to access resources of a computer to the benevolent worm controller.
  - 5. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - attempting to write to a file system.
  - 6. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - attempting to acquire super-user privileges.
  - 7. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - attempting to access a connected computer.
  - 8. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - checking for the existence of a known security vulnerability.
  - 9. The method of claim 4, wherein the step of attempting to access resources further comprises:
    - checking for the installation of known anti-virus software.
  - 10. The method of claim 1, further comprising:
    - the benevolent worm receiving an instruction from the benevolent worm controller.
  - 11. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to stop replicating.
  - 12. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to self-terminate.
  - 13. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to attempt to infect a specific computer.
  - 14. The method of claim 10, wherein:
    - the instruction from the benevolent worm controller comprises an instruction not to attempt to infect a specific computer.
  - 15. The method of claim 1 further comprising:
    - the benevolent worm attempting to infect only those computers with specific network addresses.
  - 16. The method of claim 1 further comprising:
    - the benevolent worm not attempting to infect computers with specific network addresses.
  - 17. The method of claim 1 further comprising:
    - the benevolent worm attempting to infect only those computers running a specific operating system.
  - 18. The method of claim 1 further comprising:
    - the benevolent worm not attempting to infect computers running a specific operating system.
  - 19. The method of claim 1, further comprising:
    - a copy of the benevolent worm determining that a computer has already been infected with the benevolent worm; and
      
      the copy of the benevolent worm not attempting to copy itself to the computer, responsive to the determination.
  - 20. The method of claim 1, further comprising:
    - a copy of the benevolent worm determining that anti-virus software is installed on a computer; and
      
      the copy of the benevolent worm not attempting to copy itself to the computer, responsive to the determination.

21. A computer readable storage medium containing a computer program product for assessing computer security vulnerabilities when executed by a processor, the computer program product comprising:
- program code for attempting to copy the computer program product to remote computers on a network;
  
  program code for assessing potential security vulnerabilities of computers on the network;
  
  program code for communicating, to a benevolent worm controller, information concerning security vulnerabilities of computers on the network;
  
  program code for determining that the computer program product has not received a communication from the benevolent worm controller for a length of time;
  
  program code for sending a signal to the benevolent worm controller responsive to such a determination, the signal indicating current status of the computer program product; and
  
  program code for causing the computer program product to terminate itself, responsive to not receiving an acknowledgement from the benevolent worm controller.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 22. The computer program product of claim 21 further comprising:
    - program code for determining that the computer program product has replicated a maximum number of times; and
      
      program code for not attempting further replication of the computer program product, responsive to such a determination.
  - 23. The computer program product of claim 21 further comprising:
    - program code for determining that the computer program product has existed for a set period of time; and
      
      program code for terminating the computer program product, responsive to such a determination.
  - 24. The computer program product of claim 21 further comprising:
    - program code for attempting to access resources of a computer on which the computer program product resides; and
      
      program code for communicating, to the benevolent worm controller, information concerning at least one attempt to access resources of a computer.
  - 25. The computer program product of claim 24, wherein the program code for attempting to access resources further comprises:
    - program code for attempting to write to a file system.
  - 26. The computer program product of claim 24, wherein the program code for attempting to access resources further comprises:
    - program code for attempting to acquire super-user privileges.
  - 27. The computer program product of claim 24, wherein the program code for attempting to access resources further comprises:
    - program code for attempting to access a connected computer.
  - 28. The computer program product of claim 24, wherein the program code for attempting to access resources further comprises:
    - program code for checking for the existence of a known security vulnerability.
  - 29. The computer program product of claim 24, wherein the program code for attempting to access resources further comprises:
    - program code for checking for the installation of known anti-virus software.
  - 30. The computer program product of claim 21 further comprising:
    - program code for receiving an instruction from the benevolent worm controller.
  - 31. The computer program product of claim 30, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to stop replicating.
  - 32. The computer program product of claim 30, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to self-terminate.
  - 33. The computer program product of claim 30, wherein:
    - the instruction from the benevolent worm controller comprises an instruction to attempt to infect a specific computer.
  - 34. The computer program product of claim 30, wherein:
    - the instruction from the benevolent worm controller comprises an instruction not to attempt to infect a specific computer.
  - 35. The computer program product of claim 21 further comprising:
    - program code for attempting to copy the computer program product only to those computers with specific network addresses.
  - 36. The computer program product of claim 21 further comprising:
    - program code for not attempting to copy the computer program product to computers with specific network addresses.
  - 37. The computer program product of claim 21 further comprising:
    - program code for attempting to copy the computer program product only to those computers running a specific operating system.
  - 38. The computer program product of claim 21 further comprising:
    - program code for not attempting to copy the computer program product to computers running a specific operating system.
  - 39. The computer program product of claim 21 further comprising:
    - program code for determining that the computer program product has already been installed on a computer; and
      
      program code for not attempting to copy the computer program product to the computer, responsive to such a determination.
  - 40. The computer program product of claim 21 further comprising:
    - program code for determining that anti-virus software is installed on the computer; and
      
      program code for not attempting to copy the computer program product to a computer, responsive to such a determination.

41. A system for assessing computer security vulnerabilities, the system comprising:
- means for attempting to copy a benevolent worm to remote computers on a network;
  
  means for assessing potential security vulnerabilities of computers on the network;
  
  means for communicating, to a benevolent worm controller, information concerning security vulnerabilities of computers on the network;
  
  means for determining that the benevolent worm has not received a communication from the benevolent worm controller for a length of time;
  
  means for sending a signal to the benevolent worm controller responsive to such a determination; and
  
  means for causing the benevolent worm to terminate itself responsive to the benevolent worm not receiving an acknowledgement from the benevolent worm controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Isenberg, Henri J.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
POPHAM, JEFFREY D

Application Number

US10/334,767
Publication Number

US 20040128530A1
Time in Patent Office

1,778 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Using a benevolent worm to assess and correct computer security vulnerabilities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

41 Claims

Specification

Use Cases

Quick Links

Others

Using a benevolent worm to assess and correct computer security vulnerabilities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

41 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others