Title of invention |
IDENTIFYING SUSPECTED MALWARE FILES AND SITES BASED ON PRESENCE IN KNOWN MALICIOUS ENVIRONMENT |
Abstract |
Disclosed herein is a system and method for identifying potential sources of malicious activity as well as identifying potentially malicious files that originated from suspected malicious sources. Using an anchor event and telemetry data from devices known to have been infected by malicious activity, similar events in the telemetry data between two devices can be identified. These satellite events are then used to identify other files that may have been deposited by the satellite event such that those files can be highlighted to a malware researcher. Additionally, the malware protection may be updated based on this analysis to label a site associated with the satellite event as a malicious site such that the site may be blocked or quarantined. |
Application publication number |
EP3146460(A1) |
Application publication date |
2017.03.29 |
Application number |
EP20150728260 |
Filing date |
2015.05.18 |
Applicant |
Microsoft Technology Licensing, LLC |
Inventors |
BRAND, Tomer;MICHELSON, Dan |
Classification numbers |
G06F21/56;H04L29/06 |
Main classification number |
G06F21/56 |
Agency |
|
Agent |
|
Main claim |
|
Address |
|