Title of invention Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation
Abstract A method for detecting malware includes the steps of identifying one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects include the executable objects that are associated with the open network connections that are connected to the first network destination.
Publication number US9479530(B2) Publication date 2016.10.25
Application number US201414467668 Filing date 2014.08.25
Applicant McAfee, Inc. Inventor Sallam Ahmed Said
Classification H04L29/06;G06F21/00;G06F21/56 Main classification H04L29/06
Agency Baker Botts L.L.P. Agent Baker Botts L.L.P.
Independent claim 1. At least one non-transitory machine accessible storage medium having code stored thereon, the code, when executed on an electronic device, to cause the electronic device to: identify an executable file to reside in at least a portion of memory of the electronic device; provide, over a network, identity information of a network destination associated with the executable file, the identity information to include a uniform resource locator (“URL”) of the network destination; receive an indication of reputation information about the network destination; identify, based at least in part on the received indication of reputation information, the executable file as malware, wherein the identification includes a determination of whether the received indication of reputation information indicates that the network destination is associated with malware; and responsive to the identification of the executable file as malware, take at least one of the following actions to protect the electronic device from the malware: block, clean, quarantine, or remove the executable file.
Address Santa Clara CA US