| 主权项 |
1. A computer-implemented method for detecting selective malware attacks, the method comprising:
identifying a website visited by a first device operating at a first location, wherein a number of visits to the website satisfies a predetermined threshold; identifying a low prevalence file based on a web crawl of the identified website performed by the first device at the first location, wherein the low prevalence file comprises a file unclassified by a predetermined server; determining whether a web crawl of the identified website performed by the predetermined server results in the predetermined server detecting the low prevalence file; determining whether a web crawl of the identified website performed by a second device operating at a second location results in the second device detecting the low prevalence file; analyzing, by at least one of the first device, second device, and the predetermined server, results of the web crawls to determine whether the identified website distributes a malicious software attack designed to selectively attack visitors to the website; and upon determining the low prevalence file is detected by the second device and not detected by the predetermined server, generating a notification comprising an alert that the identified website is suspected of distributing a malicious software attack designed to target the first device. |
