System and method for autonomic peer-to-peer virus inoculation

US 8,091,134 B2
Filed: 11/29/2006
Issued: 01/03/2012
Est. Priority Date: 11/29/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at a detecting client computer system, a computer file from an infected client computer system, wherein the detecting client computer system and the infected client computer system are peers and connected to a common computer network, wherein neither the detecting client computer system nor the infected client computer system is a server;

scanning the received computer file at the detecting client computer system using a first plurality of virus definitions accessible to the detecting client computer system;

detecting, based on the scanning at the detecting client computer system, a virus in the received computer file;

retrieving virus information corresponding to the detected virus, wherein the virus information includes a virus definition selected from the first plurality of virus definitions;

removing, by the detecting client computer system, the virus from the received computer file using the selected virus definition, resulting in a disinfected computer file;

in response to removing the virus from the received computer file, determining, by the detecting client computer system, that the virus can automatically be removed;

in response to the determination, retrieving, by the detecting client computer system, instructions to remove the virus; and

automatically sending, by the detecting client computer system, the selected virus definition and the instructions to remove the virus to the infected client computer system over the common computer network using a peer-to-peer connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and program product is provided that communicates virus information between a computer that detects a virus in a file (the detecting computer system) and the computer that sent the infected file (the infected computer system). When the infected computer system sends an infected file to the detecting computer system the detecting computer system detects the virus in the infected file, retrieves virus information corresponding to the virus (such as the name of the infected file, the identifier, or name, of the virus, the virus definitions used to identify the virus, and any instructions needed to eradicate the virus), and automatically sends the virus information back to the infected computer system over the network.

15 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving, at a detecting client computer system, a computer file from an infected client computer system, wherein the detecting client computer system and the infected client computer system are peers and connected to a common computer network, wherein neither the detecting client computer system nor the infected client computer system is a server;
  
  scanning the received computer file at the detecting client computer system using a first plurality of virus definitions accessible to the detecting client computer system;
  
  detecting, based on the scanning at the detecting client computer system, a virus in the received computer file;
  
  retrieving virus information corresponding to the detected virus, wherein the virus information includes a virus definition selected from the first plurality of virus definitions;
  
  removing, by the detecting client computer system, the virus from the received computer file using the selected virus definition, resulting in a disinfected computer file;
  
  in response to removing the virus from the received computer file, determining, by the detecting client computer system, that the virus can automatically be removed;
  
  in response to the determination, retrieving, by the detecting client computer system, instructions to remove the virus; and
  
  automatically sending, by the detecting client computer system, the selected virus definition and the instructions to remove the virus to the infected client computer system over the common computer network using a peer-to-peer connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - establishing a peer-to-peer computer network between the detecting client computer system and the infected client computer system prior to the automatic sending of the selected virus definition and the instructions to remove the virus, wherein the peer-to-peer computer network is established over the common computer network, and wherein the selected virus definition and the instructions to remove the virus are automatically sent over the established peer-to-peer network.
  - 3. The method of claim 2 wherein the establishing further comprises:
    - requesting, by the detecting client computer system, the peer-to-peer network; and
      
      receiving an acceptance of the peer-to-peer network request from the infected client computer system, wherein the acceptance of the peer-to-peer network request is in response to the detecting client computer system being a trusted computer system to the infected client computer system.
  - 4. The method of claim 2 further comprising:
    - digitally signing the selected virus definition and the instructions to remove the virus at the detecting client computer system using a private encryption key corresponding to the detecting client computer system, wherein the signed selected virus definition and the instructions to remove the virus is sent to the infected client computer system over the established peer-to-peer network.
  - 5. The method of claim 4 further comprising:
    - receiving the digitally signed selected virus definition and instructions to remove the virus at the infected client computer system; and
      
      authenticating the digitally signed selected virus definition and instructions to remove the virus at the infected client computer system by using a public encryption key that corresponds to the detecting client computer system.
  - 6. The method of claim 1 further comprising:
    - receiving, at the infected client computer system, the selected virus definition that was automatically sent by the detecting client computer system; and
      
      updating a second plurality of virus definitions accessible to the infected client computer system with the selected virus definition.
  - 7. The method of claim 1 further comprising:
    - receiving, at the infected client computer system, the selected virus definition and the instructions to remove the virus that was automatically sent by the detecting client computer system;
      
      scanning a plurality of files stored at the infected client computer system using the selected virus definition and the instructions to remove the virus; and
      
      removing the virus from one or more of the files stored at the infected client computer system in response to the scanning.

8. A information handling system comprising:
- one or more processors;
  
  a memory accessible by at least one of the processors;
  
  a nonvolatile storage area accessible by at least one of the processors;
  
  a network interface adapter connecting the information handling system to a computer network; and
  
  a set of instructions stored in the memory, wherein one or more of the processors executes the set of instructions in order to perform actions of;
  
  receiving, at the network interface adapter, a computer file from an infected client computer system, wherein the information handling system and the infected client computer system are peers and connected to the computer network, wherein neither the information handling system nor the infected client computer system is a server;
  
  scanning the received computer file using a first plurality of virus definitions stored in the nonvolatile storage area;
  
  detecting, based on the scanning by the information handling system, a virus in the received computer file;
  
  retrieving virus information corresponding to the detected virus, wherein the virus information includes a virus definition selected from the first plurality of virus definitions;
  
  removing, by the information handling system, the virus from the received computer file using the selected virus definition, resulting in a disinfected computer file;
  
  in response to removing the virus from the received computer file, determining, by the information handling system, that the virus can automatically be removed;
  
  in response to the determination, retrieving, by the information handling system, instructions to remove the virus; and
  
  automatically sending the selected virus definition and the instructions to remove the virus to the infected client computer system over the common computer network via the network interface adapter using a peer-to-peer connection.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The information handling system of claim 8 wherein the set of instructions perform further actions comprising:
    - establishing a peer-to-peer computer network between the information handling system and the infected client computer system prior to the automatic sending of the selected virus definition and the instructions to remove the virus, wherein the peer-to-peer computer network is established over the common computer network, and wherein the selected virus definition and the instructions to remove the virus are automatically sent over the established peer-to-peer network.
  - 10. The information handling system of claim 9 wherein the set of instructions that perform the establishing perform further actions comprising:
    - requesting, by the information handling system, the peer-to-peer network; and
      
      receiving an acceptance of the peer-to-peer network request from the infected client computer system, wherein the acceptance of the peer-to-peer network request is in response to the information handling system being a trusted computer system to the infected client computer system.
  - 11. The information handling system of claim 9 wherein the set of instructions perform further actions comprising:
    - digitally signing the selected virus definition and the instructions to remove the virus at the information handling system using a private encryption key corresponding to the information handling system, wherein the signed selected virus definition and the instructions to remove the virus is sent to the infected client computer system over the established peer-to-peer network.
  - 12. The information handling system of claim 11 wherein the set of instructions perform further actions comprising:
    - receiving the digitally signed selected virus definition and instructions to remove the virus at the infected client computer system; and
      
      authenticating the digitally signed selected virus definition and instructions to remove the virus at the infected client computer system by using a public encryption key that corresponds to the information handling system.
  - 13. The information handling system of claim 8 wherein the set of instructions perform further actions comprising:
    - receiving, at the infected client computer system, the selected virus definition and the instructions to remove the virus that was automatically sent by the information handling system;
      
      updating a second plurality of virus definitions accessible to the infected client computer system with the selected virus definition;
      
      scanning a plurality of files stored at the infected client computer system using the virus definition and the instructions to remove the virus; and
      
      removing the virus from one or more of the files stored at the infected client computer system in response to the scanning.

14. A computer program product stored in a non-transitory computer readable medium, comprising functional descriptive material that, when executed by a data processing system, causes the data processing system to perform actions that include:
- receiving, at a detecting client computer system, a computer file from an infected client computer system, wherein the detecting client computer system and the infected client computer system are connected to a common computer network, wherein neither the detecting client computer system nor the infected client computer system is a server;
  
  scanning the received computer file at the detecting client computer system using a first plurality of virus definitions accessible to the detecting client computer system;
  
  detecting, based on the scanning at the detecting client computer system, a virus in the received computer file;
  
  retrieving virus information corresponding to the detected virus, wherein the virus information includes a virus definition selected from the first plurality of virus definitions;
  
  removing, by the detecting client computer system, the virus from the received computer file using the selected virus definition, resulting in a disinfected computer file;
  
  in response to removing the virus from the received computer file, determining, by the detecting client computer system, that the virus can automatically be removed;
  
  in response to the determination, retrieving, by the detecting client computer system, instructions to remove the virus; and
  
  automatically sending, by the detecting client computer system, the selected virus definition and the instructions to remove the virus to the infected client computer system over the common computer network using a peer-to-peer connection.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - establishing a peer-to-peer computer network between the detecting client computer system and the infected client computer system prior to the automatic sending of selected virus definition and the instructions to remove the virus, wherein the peer-to-peer computer network is established over the common computer network, and wherein the selected virus definition and the instructions to remove the virus are automatically sent over the established peer-to-peer network.
  - 16. The computer program product of claim 15 wherein the establishing further comprises wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - requesting, by the detecting client computer system, the peer-to-peer network; and
      
      receiving an acceptance of the peer-to-peer network request from the infected client computer system, wherein the acceptance of the peer-to-peer network request is in response to the detecting client computer system being a trusted computer system to the infected client computer system.
  - 17. The computer program product of claim 15 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - digitally signing the selected virus definition and the instructions to remove the virus at the detecting client computer system using a private encryption key corresponding to the detecting client computer system, wherein the signed selected virus definition and the instructions to remove the virus is sent to the infected client computer system over the established peer-to-peer network.
  - 18. The computer program product of claim 17 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - receiving the digitally signed selected virus definition and instructions to remove the virus at the infected client computer system; and
      
      authenticating the digitally signed selected virus definition and instructions to remove the virus at the infected client computer system by using a public encryption key that corresponds to the detecting client computer system.
  - 19. The computer program product of claim 14 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - receiving, at the infected client computer system, the selected virus definition that was automatically sent by the detecting client computer system; and
      
      updating a second plurality of virus definitions accessible to the infected client computer system with the selected virus definition.
  - 20. The computer program product of claim 14 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - receiving, at the infected client computer system, the selected virus definition and the instructions to remove the virus that was automatically sent by the detecting client computer system;
      
      scanning a plurality of files stored at the infected client computer system using the selected virus definition and the instructions to remove the virus; and
      
      removing the virus from one or more of the files stored at the infected client computer system in response to the scanning.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Benton, Farrel David, Branch, Shane Christopher, Kapinos, Robert J., Salembier, James C., Taylor, Simon David Nicholas, Ulrich, Sean Michael, Octaviano, Raymond G. II, Saba, Alberto Jose Rojas
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Mehrmanesh, Amir

Application Number

US11/564,830
Publication Number

US 20080127347A1
Time in Patent Office

1,861 Days
Field of Search

726 2- 7, 726 22- 25
US Class Current

726/24
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/126   the source of the received ...

H04L 63/1416   Event detection, e.g. attac...

System and method for autonomic peer-to-peer virus inoculation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for autonomic peer-to-peer virus inoculation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links