摘要 |
A method and apparatus for identifying an electronic file as polymorphic malware. A server receives from a client device a hash value and metadata associated with an electronic file. The server determines that the received metadata relates to corresponding metadata stored at a database, the corresponding stored metadata being associated with a further hash value that differs from the received hash value. A determination is made that each of the received hash values have been reported by fewer than a predetermined number of clients and, as a result, it is determined that the electronic file is likely to be polymorphic malware. |