1. Field of the Invention
This invention pertains in general to computer security and in particular to the identification of malware using malware signatures.
2. Description of the Related Art
There is a wide variety of malicious software (malware) that can attack modern computers. Malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, crimeware, and phishing websites. Modern malware is often designed to provide financial gain to the attacker. For example, malware can surreptitiously capture important information such as logins, passwords, bank account identifiers, and credit card numbers. Similarly, the malware can provide hidden interfaces that allow the attacker to access and control the compromised computer.
Computer security systems and software for counteracting malware typically operate by seeking to identify malware signatures in entities. Malware signatures contain data describing characteristics of malware and can be used to determine whether an entity such as a computer file or a software application contains malware. Typically, a set of malware signatures is generated by a provider of security software and deployed to security software on clients. This set of malware signatures is then used by the security software to detect malware on the clients.
The amount of malware to which a client can be exposed in computing environments continues to increase over time. Consequently, the size of the set of malware signatures that must be deployed to clients is also growing. However, a large set of malware signatures consumes computing resources at the clients, such as disk and memory resources, and also slows client-side malware scans.
Accordingly, there is a need in the art for decreasing the size of the set of malware signatures deployed to clients without compromising the ability to detect malware on the clients.