Title: Malware detector
Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination whether an automatic non-interactive application response is received from the application in response to the challenge. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data from continuing to the remote server when the determination is invalid.
Publication number: US9531747(B2)  Publication date: 2016.12.27
Application number: US201414482793  Filing date: 2014.09.10
Applicant: George Mason Research Foundation, Inc.  Inventors: Stavrou Angelos; Jajodia Sushil; Ghosh Anup K.; Martin Rhandi; Andrianakis Charalampos
Classification: G06F11/00; H04L29/06; G06F21/56; H04L29/08  Main classification: G06F11/00
Agency:  Agent:
Main claim: 1. An apparatus, comprising: a memory; and a hardware processor communicatively coupled to the memory, the hardware processor configured to intercept a communication from an application executing at a compute device, the communication addressed to a server different from the compute device, the hardware processor configured to produce an active content challenge for the application based on the communication, the hardware processor configured to send the active content challenge to the application, the hardware processor configured to identify the application as malware based at least in part on not receiving, in response to the active content challenge, a valid automatic non-user-interactive application response from the application within a predetermined time period, the hardware processor configured to prevent the communication from being sent to the server in response to the application being identified as malware.
Address: Fairfax VA US
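The abstract and claim above describe a challenge-response proxy in module terms; the following is an added illustration of that flow written for this record, not the patent's own implementation and not code from the assignee. It assumes HTTP as the only protocol type the proxy knows how to challenge, a 307 redirect carrying a random token as the "active content challenge" (a browser re-issues the request automatically, with no user interaction, while a process that merely speaks HTTP to reach its server typically does not), a query parameter name `pxtok` and a flow key standing in for the (client, server) pair; all of these are choices made for the example, and the client traffic in `demo()` is constructed.

```python
"""Toy transparent proxy: hold a client's first request, challenge the client,
and forward or block depending on whether a valid automatic answer arrives
in time. Constructed illustration of the five modules in the abstract."""
import re
import secrets
from dataclasses import dataclass

# Request line of an HTTP/1.x request: method, target, version.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
TOKEN_PARAM = "pxtok"  # assumed query-parameter name carrying the challenge token


def determine_protocol(data: bytes) -> str:
    """Protocol determination module: classify the first bytes seen on a flow."""
    return "http" if REQUEST_LINE.match(data) else "unknown"


@dataclass
class Pending:
    token: str        # random value the client must echo back
    original: bytes   # the held-back first request, released only on a valid answer
    issued_at: float  # when the challenge was sent (seconds, caller-supplied clock)


class ChallengeProxy:
    """Monitor, challenge generation, response determination and data control.

    `flow` is an opaque key for the (client, server) pair; state is kept per flow.
    """

    def __init__(self, timeout: float = 5.0):
        self.timeout = timeout              # the "predetermined time period"
        self.pending: dict[str, Pending] = {}
        self.verdicts: dict[str, str] = {}   # flow -> "valid" | "malware"
        self.forwarded: list[bytes] = []     # what the data control module let through

    def on_client_data(self, flow: str, data: bytes, now: float):
        """Return ('challenge', bytes) to send to the client, ('forward', bytes)
        to send to the server, or ('block', None)."""
        if determine_protocol(data) != "http":
            # Only the HTTP challenge is implemented here; other traffic passes untouched.
            self.forwarded.append(data)
            return ("forward", data)
        target = REQUEST_LINE.match(data).group(2)
        pending = self.pending.get(flow)
        if pending is None:
            # Challenge generation: hold the request, redirect to the same target
            # plus a fresh token. 307 makes a browser re-send method and body as-is.
            token = secrets.token_urlsafe(16)
            self.pending[flow] = Pending(token, data, now)
            sep = b"&" if b"?" in target else b"?"
            location = target + sep + TOKEN_PARAM.encode() + b"=" + token.encode()
            challenge = (b"HTTP/1.1 307 Temporary Redirect\r\nLocation: " + location
                         + b"\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
            return ("challenge", challenge)
        # Response determination: the follow-up must carry the exact token, in time.
        m = re.search(rb"[?&]" + TOKEN_PARAM.encode() + rb"=([A-Za-z0-9_\-]+)", target)
        on_time = now - pending.issued_at <= self.timeout
        valid = (m is not None and on_time
                 and secrets.compare_digest(m.group(1).decode(), pending.token))
        del self.pending[flow]
        if valid:
            self.verdicts[flow] = "valid"
            # Data control: release the ORIGINAL request; the token never reaches the server.
            self.forwarded.append(pending.original)
            return ("forward", pending.original)
        self.verdicts[flow] = "malware"   # wrong token, or answered too late
        return ("block", None)

    def sweep(self, now: float) -> list[str]:
        """Expire challenges never answered within the timeout: no automatic
        response arrived, so the flow is reported as malware and stays blocked."""
        expired = [f for f, p in self.pending.items() if now - p.issued_at > self.timeout]
        for f in expired:
            del self.pending[f]
            self.verdicts[f] = "malware"
        return expired


def demo() -> dict[str, str]:
    """Constructed scenario: a browser-like client answers the challenge, a
    beacon-like client never does, a third answers with a wrong token."""
    proxy = ChallengeProxy(timeout=5.0)
    browser_req = b"GET /index.html?x=1 HTTP/1.1\r\nHost: example.com\r\n\r\n"
    _, challenge = proxy.on_client_data("browser", browser_req, now=0.0)
    # A browser follows the Location header on its own, without user interaction.
    loc = re.search(rb"Location: (\S+)\r\n", challenge).group(1)
    proxy.on_client_data("browser", b"GET " + loc + b" HTTP/1.1\r\nHost: example.com\r\n\r\n", now=0.4)

    beacon_req = b"POST /gate.php HTTP/1.1\r\nHost: c2.example\r\nContent-Length: 2\r\n\r\nhi"
    proxy.on_client_data("beacon", beacon_req, now=1.0)   # challenged, never answered
    proxy.sweep(now=7.0)                                   # timeout elapsed

    proxy.on_client_data("forger", b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", now=2.0)
    proxy.on_client_data("forger", b"GET /?pxtok=guess HTTP/1.1\r\nHost: example.com\r\n\r\n", now=2.5)
    return proxy.verdicts


if __name__ == "__main__":
    print(demo())  # {'browser': 'valid', 'beacon': 'malware', 'forger': 'malware'}
```

Two details matter in practice and are the reason the state is kept per flow rather than per TCP connection: the challenge closes the connection, so the answer arrives on a new one, and the proxy must release the held original request rather than the token-bearing follow-up so the server never sees the challenge parameter. A client that answers late, answers with a wrong token, or never answers all end up in the same "malware" verdict, which is the determination the abstract's data control module acts on.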