Detecting computer worms as they arrive at local computers through open network shares
Abstract
A worm detection manager detects computer worms when they arrive at target computers via open network shares. The worm detection manager monitors incoming file system traffic, and determines the source of incoming files. The worm detection manager determines that an incoming file is infected with a worm, responsive to circumstances such as substantially the same file being written to the target computer by a requisite plurality of computers; substantially the same file being written to the target computer a requisite number of times by the same computer; substantially the same file being written to the target computer a requisite number of times within a requisite time period; and substantially the same file being written to the target computer through a requisite number of open shares.
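The four conditions listed in the abstract can be sketched as follows. This is an added example, not code from the patent: the threshold values, names, and sample events are assumptions, events are assumed to arrive in time order, and an exact SHA-256 match stands in for "substantially the same file".

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds; the abstract only calls them "requisite".
MIN_SOURCES = 3              # distinct source computers writing the same file
MIN_REPEATS = 3              # writes of the same file by one source computer
MIN_BURST, WINDOW = 4, 60.0  # writes of the same file within WINDOW seconds
MIN_SHARES = 2               # distinct open shares receiving the same file

@dataclass(frozen=True)
class Write:
    ts: float      # arrival time in seconds
    source: str    # source computer that wrote the file
    share: str     # open share it was written through
    data: bytes    # file content

class WormDetectionManager:
    def __init__(self):
        self.history = defaultdict(list)  # content digest -> Write events seen
    def observe(self, w):
        """Record one incoming write and return the conditions it triggers."""
        # Exact-hash equality is a simplification of "substantially the same".
        digest = hashlib.sha256(w.data).hexdigest()
        seen = self.history[digest]
        seen.append(w)
        reasons = []
        if len({e.source for e in seen}) >= MIN_SOURCES:
            reasons.append("many_sources")
        if sum(e.source == w.source for e in seen) >= MIN_REPEATS:
            reasons.append("repeated_by_source")
        if sum(w.ts - e.ts <= WINDOW for e in seen) >= MIN_BURST:
            reasons.append("burst")
        if len({e.share for e in seen}) >= MIN_SHARES:
            reasons.append("many_shares")
        return reasons

def run(events):
    mgr = WormDetectionManager()
    return [mgr.observe(w) for w in events]

# Constructed sample traffic: three hosts push identical content to two shares.
SAMPLE = [
    Write(0, "hostA", "docs", b"report v1"),
    Write(5, "hostB", "docs", b"dropper"),
    Write(9, "hostC", "docs", b"dropper"),
    Write(12, "hostD", "public", b"dropper"),
    Write(300, "hostA", "docs", b"report v2"),
]
```

An empty list from `observe` means the write matched none of the conditions; a production monitor would also need a similarity measure that tolerates small changes between copies, which this sketch does not attempt.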
186 Citations
24 Claims
1. A computer implemented method for detecting a computer worm being written to a target computer, the method comprising the steps of:
- monitoring, by the target computer, files written to the target computer by a source computer through at least one open share providing the source computer with write access to the target computer; and
- determining, by the target computer, that an incoming file written to the target computer by the source computer through the at least one open share is infected with a worm, responsive to the incoming file being similar to a file previously written to the target computer.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A computer readable medium containing a computer program product for detecting a computer worm being written to a target computer, the computer readable medium comprising:
- program code for monitoring, by the target computer, files written to the target computer by a source computer through at least one open share providing the source computer with write access to the target computer; and
- program code for determining, by the target computer, that an incoming file written to the target computer by the source computer through the at least one open share is infected with a worm, responsive to the incoming file being similar to a file previously written to the target computer.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer system for detecting a computer worm being written to a target computer, the computer system comprising:
- a software portion configured to monitor, by the target computer, files written to the target computer by a source computer through at least one open share providing the source computer with write access to the target computer; and
- a software portion configured to determine, by the target computer, that an incoming file written to the target computer by the source computer through the at least one open share is infected with a worm, responsive to the incoming file being similar to a file previously written to the target computer.
Dependent claims: 16, 17, 18, 19, 20, 21

22. A computer system for detecting a computer worm being written to a target computer, the computer system comprising:
- means for monitoring, by the target computer, files written to the target computer by a source computer through at least one open share providing the source computer with write access to the target computer; and
- means for determining, by the target computer, that an incoming file written to the target computer by the source computer through the at least one open share is infected with a worm, responsive to the incoming file being similar to a file previously written to the target computer.
Dependent claims: 23, 24
Specification