摘要 |
<p>A method or apparatus which detects an access request from a source computer file to a target uniform resource locator (URL), obtains reputation data for the target URL, identifies the file requesting the URL, based on the reputation of the URL take further action on the file. If the reputation of the URL suggests that the web page or domain it is trying to access is dangerous or malicious, the file may relate to a virus application, malware, a bot or spyware etc. Therefore the further action may be controlling access of the file to URL, controlling communication of the file, closing applications triggered by the file, displaying a warning message, deleting or quarantining the file. The URL may be determined by accessing a packet header. The file may be identified on the basis of a socket connection by monitoring network connections or hooking socket API functionalities. The file may be given a rating in a reputation rating database, the rating indicating the URL as trustworthy, suspicious or unknown.</p> |