Automated sample creation of polymorphic and non-polymorphic mar

Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability

Patent


Details

713200, 713201, 714 26, 717 4, G06F 1100, G06F 1300

Patent

active

061087998

ABSTRACT:
Disclosed is a system and method for automatically generating at least one instance of a computer macro virus that is native to or associated with an application. The method includes steps of (a) providing a suspect virus sample; and (b) replicating the suspect virus sample onto at least one goat file, using at least one of simulated user input or interprocess communication commands for exercising the goat file through the application, to generate an infected goat file. A further step can be executed of (c) replicating the infected goat file onto at least one further goat file, using at least one of simulated user input, such as keystrokes, mouse clicks and the like, or interprocess communication commands, to generate an additional instance of an infected goat file. The step of providing includes a step of determining attributes of the suspect virus sample, and the steps of exercising employ simulated user input or interprocess communication commands that are selected based at least in part on the determined attributes. As a parallel process the steps of exercising include steps of detecting an occurrence of a window, such as a pop-up window that is opened by one of the application or the macro virus; and using at least one of simulated user input or interprocess communication command(s) for closing the opened window. In this manner the replication process is not halted by a window that requires input from a user.

REFERENCES:
patent: 5398196 (1995-03-01), Chambers
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5452442 (1995-09-01), Kephart
patent: 5485575 (1996-01-01), Chess et al.
patent: 5572590 (1996-11-01), Chess
patent: 5613002 (1997-03-01), Kephart et al.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5951698 (1999-09-01), Chen et al.
patent: 5978917 (1999-11-01), Chi
patent: 6016546 (2000-01-01), Kephart et al.
patent: 6021510 (2000-02-01), Nachenberg
patent: 6026502 (2000-02-01), Wakayama
Symantec, Understanding Heuristics: Symantec's Bloodhound technology, Sep. 1997, www.symantec.com, pp. 1-14.
An Immune System for Cyberspace by Jeffrey O. Kephart et al. in IEEE, 1997, pp. 879-884.
Biologically Inspired Defenses Against Computer Viruses, J. Kephart et al., at High Integrity Computing Laboratory at IBM Thomas J. Watson Research Center, Yorktown Heights, NY 10598, pp. 985-996.
J. O. Kephart et al., "Blueprint for a Computer Immune System", Presented at the Virus Bulletin International Conference in San Francisco, Oct. 1-3, 1997, 14 pages, <URL :http://www.av.ibm.com/InsideTheLab/Bookshelf/Scientific Papers/Kephart/VB97>.
"Method of Rule-Based File, Window, and Messages Processing", IBM Technical Disclosure Bulletin, vol. 38, No. 7, Jul. 1995.
Vesselin Bontchev, "Possible macro virus attacks and how to prevent them", Computers & Security, vol. 15, No. 7, pp. 596-626, (1996).
