Tracking and reporting of computer virus information

US 7,496,960 B1
Filed: 10/30/2000
Issued: 02/24/2009
Est. Priority Date: 10/30/2000
Status: Expired due to Term

First Claim

Patent Images

1. A real-time virus tracking and display system for use with a distributed computer network, the system comprising:

a plurality of potentially infected client end-user computers, said end-user computers being distributed over said distributed computer network;

a first anti-virus scanning server executing software from a first vendor and a second anti-virus scanning server executing software from a second vendor, each accessible via the distributed computer network, said first anti-virus scanning server and said second anti-virus scanning server each including an anti-virus scanning program, whereby client users contact the first scanning server or the second scanning server to facilitate virus scanning of the client end-user computers by downloading said anti-virus scanning program;

a scan log which is sent back to at least one of the first anti-virus scanning server and the second anti-virus scanning server over said distributed computer network from each client user, the scan log containing a virus name and a location of the end-user computer, wherein only location data is related to the identity of the end-user computer;

a virus-tracking server for receiving the scan log information from said client end-user computers in real-time via the first anti-virus scanning server from the first vendor and the second anti-virus scanning server from the second vendor, wherein the virus-tracking server is operable with a plurality of anti-virus scanning servers and anti-virus scanning programs;

a database server associated with the virus-tracking server for processing the scan log information into virus-tracking information; and

at least one virus tracking display mode accessible by a tracking user from the virus tracking server, the display mode providing real-time updates of said virus tracking information pertaining to the scan logs, wherein the anti-virus scanning program residing at the client end-user computers generates one or more maps displaying the real-time updates, and wherein the one or more maps are generated and displayed at the client end-user computers include a view menu, a track menu, a select menu, and a time period menu and a display block showing worldwide virus infection rates and wherein the anti-virus scanning program generates a virus count graph showing static counts of prevalent viruses worldwide during a predetermined time frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Reexamination

Accused Products

Abstract

An apparatus and method for providing real-time tracking of virus information as reported from various computers on a distributed computer network. Each client computer on the distributed network contacts an anti-virus scanning site. The site provides a small program or applet that resides in temporary memory of the client computer. The client-user invokes the scan with supplied pattern updates for detecting recent viruses. When the scan has been completed, the user is prompted to supply a country of origin. The name of the virus, its frequency of occurrence, and the country are forwarded as a virus scan log to a virus tracking server, which receives the virus information and thereafter stores it in a database server, which is used to further calculate virus trace display information. A tracking user contacts the virus tracking server and receives map information, which traces the virus activity. The maps show, according to user preference, the names of the viruses encountered in each country, and their frequencies of occurrence.

347 Citations

26 Claims

1. A real-time virus tracking and display system for use with a distributed computer network, the system comprising:
- a plurality of potentially infected client end-user computers, said end-user computers being distributed over said distributed computer network;
  
  a first anti-virus scanning server executing software from a first vendor and a second anti-virus scanning server executing software from a second vendor, each accessible via the distributed computer network, said first anti-virus scanning server and said second anti-virus scanning server each including an anti-virus scanning program, whereby client users contact the first scanning server or the second scanning server to facilitate virus scanning of the client end-user computers by downloading said anti-virus scanning program;
  
  a scan log which is sent back to at least one of the first anti-virus scanning server and the second anti-virus scanning server over said distributed computer network from each client user, the scan log containing a virus name and a location of the end-user computer, wherein only location data is related to the identity of the end-user computer;
  
  a virus-tracking server for receiving the scan log information from said client end-user computers in real-time via the first anti-virus scanning server from the first vendor and the second anti-virus scanning server from the second vendor, wherein the virus-tracking server is operable with a plurality of anti-virus scanning servers and anti-virus scanning programs;
  
  a database server associated with the virus-tracking server for processing the scan log information into virus-tracking information; and
  
  at least one virus tracking display mode accessible by a tracking user from the virus tracking server, the display mode providing real-time updates of said virus tracking information pertaining to the scan logs, wherein the anti-virus scanning program residing at the client end-user computers generates one or more maps displaying the real-time updates, and wherein the one or more maps are generated and displayed at the client end-user computers include a view menu, a track menu, a select menu, and a time period menu and a display block showing worldwide virus infection rates and wherein the anti-virus scanning program generates a virus count graph showing static counts of prevalent viruses worldwide during a predetermined time frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system according to claim 1, wherein the tracking user can configure the display modes to show the virus-tracking information in association with user-selected geographic maps of where the viruses are occurring.
  - 3. The system according to claim 2, wherein the display modes includes a plurality of web pages with user selectable menus to configure the virus tracking display mode on the pages.
  - 4. The system according to claim 1, wherein the scan log information contains no information relating to the direct identification of the client user.
  - 5. The system according to claim 4, wherein the scan log information includes the name of the virus, the frequency of its occurrence, and the geographic location of the infected computer.
  - 6. The system according to claim 1, wherein a servlet program on the virus-tracking server is used to receive the scan log information from the at least one anti-virus scanning server.
  - 7. The system according to claim 1, wherein a polling program is used to regularly retrieve the virus tracking information from the database server and store it in a data object.
  - 8. The system of claim 7, wherein a common gateway interface (CGI) program is used to retrieve the data object for display by the tracking user.
  - 9. The system of claim 1, wherein a Java applet running on a tracking user browser is used to display a real-time virus trace map.
  - 10. The system of claim 1, wherein the client user is also the tracking user.
  - 11. The system of claim 1, wherein the distributed computer network includes the Internet, wherein said scan log from each scanned client computer is sent back over the Internet to be received by said virus tracking server, and wherein said virus tracking display mode is accessible over the Internet by said tracking user.
  - 12. The system according to claim 1 wherein said virus tracking information identifies concentrations of a computer virus at said client end-user computer locations.
  - 13. The system according to claim 1 wherein said scan log information is processed by aggregating said scan logs from each client end-user computer and then synthesizing said virus tracking information.

14. A method to provide real-time virus tracking and display for use with a distributed computer network, the method comprising:
- providing an anti-virus scanning program to a client end-user computer from a first anti-virus scanning server executing software from a first vendor or from a second anti-virus scanning server executing software from a second vendor, each accessible via the distributed computer network;
  
  invoking the anti-virus scanning program from a plurality of potentially infected client end-user computers by downloading said antivirus scanning program, said end-user computers being distributed over said distributed computer network;
  
  generating a scan log from each scanned client end-user computer and sending the scan log back from each client end-user computer over said distributed computer network, the scan log including virus name and a location of the end-user computer, wherein only the location relates to the identity of the end-user computer, thereby maintaining the privacy of the plurality of client users;
  
  receiving the scan log information from said client end-user computers in real-time at the first anti-virus scanning server and the second anti-virus scanning server and transmitting the scan log information to a virus tracking server associated with the distributed computer network capable of operating with anti-virus scanning servers from multiple vendors;
  
  processing the scan log information into virus tracking information and storing it on a database server associated with the virus-tracking server; and
  
  retrieving the virus tracking information from the virus-tracking server; and
  
  displaying a real-time trace on the client end-user computer using the anti-virus scanning program, wherein real-time trace data are displayed in one or more maps generated by the anti-virus scanning program on the client end-user computer; and
  
  enabling a client user to select from one or more maps a view menu, a track menu, a select menu, and a time period menu and a display block showing worldwide virus infection rates and wherein the anti-virus scanning program generates a virus count graph showing static counts of prevalent viruses worldwide during a predetermined time frame.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method according to claim 14, which further includes configuring display modes by the tracking user to show the virus-tracking information in association with user-selected geographic maps of where the viruses are occurring.
  - 16. The method according to claim 15, which further includes displaying the display modes via a plurality of web pages with user selectable menus to configure the virus-tracking information on the pages.
  - 17. The method according to claim 14, wherein the scan log contains no information relating to the direct identification of the client user.
  - 18. The method according to claim 17, wherein the scan log includes the name of the virus, the frequency of its occurrence, and the geographic location of the infected computer.
  - 19. The method according to claim 14, which further includes providing a servlet program on the virus-tracking server to receive the scan log from the at least one anti-virus scanning server.
  - 20. The method according to claim 14, which further includes providing a polling program to regularly retrieve virus tracking information from the database server and store it in a data object.
  - 21. The method of claim 20, which further includes providing a common gateway interface (CGI) program to retrieve the data object for display by the tracking user.
  - 22. The method of claim 14, which further includes running a Java applet on the browser of the tracking user device to display a real-time virus trace map.
  - 23. The method of claim 14, wherein the client user is also the tracking user.
  - 24. The method of claim 14, wherein the distributed computer network includes the Internet, wherein said scan log from each scanned client computer is sent back over the Internet to be received by said virus tracking server, and wherein said real-time trace displayed on said tracking user device is made available over the Internet.
  - 25. The method according to claim 14 wherein said virus tracking information identifies concentrations of a computer virus at said client end-user computer locations.
  - 26. The method according to claim 14 wherein processing said scan log information includesaggregating said scan logs from each client end-user computer, andsynthesizing said virus tracking information from said aggregated scan logs.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Chen, Eva, Sun, Jimmy, Chou, Terrence, Deutsch, Steven, Havran, Mark
Primary Examiner(s)
Moise; Emmanual L.
Assistant Examiner(s)
Khoshnoodi; Nadia

Application Number

US09/702,289
Time in Patent Office

3,039 Days
Field of Search

713/188, 713/200, 713/201
US Class Current

726/22
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

Tracking and reporting of computer virus information

First Claim

1 Assignment

0 Petitions

Reexamination

Accused Products

Abstract

347 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Tracking and reporting of computer virus information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

347 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others