A filter that prevents the spread of mail-attachment-type Trojan horse computer worms.

The malicious code "W32/Sircam" is spread via e-mail and potentially through the file space shared by local area networks. Such Trojan-horse-type computer worms easily penetrate Internet firewalls and propagate via the "backdoor" to other computers. Once a malicious code, such as "W32/Sircam," has been executed on a system, it may reveal or delete confidential data, such as clinical records. In order to protect against the leakage of clinical records, we devised a mail filter that successfully prevents the spread of mail containing this malicious code. It is significant that neither access control nor packet filtering is guaranteed to prevent the spread of this mail-attachment-type Trojan horse computer worm.