The present invention is directed to the early detection of suspicious binary patterns such as viruses or malware hidden in apparently unrelated files.
Using conventional methods, it is known in the art how to identify and block the transmission of the same or related files from many sources. It is likewise known in the art how to identify and block many files transmitted from a single source or from related sources. It is the observation of the inventors that malicious binary patterns are embedded in diverse files and transmitted from many controlled sources, such as a botnet, in a short timeframe. Each file or binary object containing a malicious binary pattern may be made unique by an automated process, and the volume from any single source can be controlled to be less noticeable.
What is needed is a way to efficiently measure binary objects, such as files with unlike names, sizes, dates, and sources, to determine, based on their contents, their similarity in the binary patterns contained within.