| 摘要 |
A worm detection manager detects computer worms when they arrive at target computers via open network shares. The worm detection manager monitors incoming file system traffic, and determines the source of incoming files. The worm detection manager determines that an incoming file is infected with a worm, responsive to circumstances such as substantially the same file being written to the target computer by a requisite plurality of computers; substantially the same file being written to the target computer a requisite number of times by the same computer; substantially the same file being written to the target computer a requisite number of times within a requisite time period; and substantially the same file being written to the target computer through a requisite number of open shares.
|
