Computer software distributed by various individuals and/or organizations with malicious intent is referred to as “malware”. Malware can, for example, damage computer systems and/or be used to steal personal information of users. Malware typically exploits code vulnerabilities and/or is unintentionally installed by a user without the user's knowledge.
Anti-malware software detects known malware and prevents users from loading it. Conventionally, when a user tries to access a file, the access is intercepted and the file is inspected for the presence of malware by comparing it against a database of known malicious code patterns. Further, for executable or script code, execution of the file can be simulated inside a virtual environment and the behavior of the simulated execution observed. Access to the file is blocked if malware is detected; otherwise, normal access to the file is allowed.
Unfortunately, as anti-malware evolves to detect ever-changing malware, individuals and/or organizations with malicious intent continue to create malware that conventional anti-malware is unable to detect in a timely manner.
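The conventional on-access check described above (intercept, compare against known patterns, block or allow) is sketched below as an added example, not code from the original text. It covers only the pattern-matching step, not simulated execution; the signature names, byte patterns and sample buffers are constructed for illustration and correspond to no real malware.

```python
import re
from dataclasses import dataclass, field

# Constructed signature database: name -> hex pattern, "??" matches any one byte.
SIGNATURES = {
    "Example.Dropper.A": "de ad be ef ?? ?? 13 37",
    "Example.Script.B": "65 76 69 6c 5f 6d 61 72 6b 65 72",  # ASCII "evil_marker"
}

def compile_signature(hex_pattern: str) -> "re.Pattern":
    """Turn a hex pattern with ?? wildcards into a bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

@dataclass
class Verdict:
    allowed: bool
    matches: list = field(default_factory=list)  # (signature name, offset)

def inspect(data: bytes) -> Verdict:
    """Check a buffer against every known pattern in the database."""
    matches = []
    for name, rx in COMPILED.items():
        hit = rx.search(data)
        if hit:
            matches.append((name, hit.start()))
    return Verdict(allowed=not matches, matches=matches)

def guarded_read(path: str) -> bytes:
    """Intercept a file read: return the contents only if inspection is clean."""
    with open(path, "rb") as fh:
        data = fh.read()
    verdict = inspect(data)
    if not verdict.allowed:
        raise PermissionError(f"{path}: blocked, matched {verdict.matches}")
    return data

# Constructed sample buffers.
KNOWN = b"MZ\x90\x00" + bytes.fromhex("deadbeef01021337") + b"tail"
CLEAN = b"quarterly report, nothing to see"
# Content that is in no database entry: the check has nothing to match it against.
UNSEEN = b"MZ\x90\x00" + bytes.fromhex("deadbeef01021338") + b"tail"

if __name__ == "__main__":
    for label, buf in [("known", KNOWN), ("clean", CLEAN), ("unseen", UNSEEN)]:
        print(label, inspect(buf))
```

The `UNSEEN` buffer is allowed because the check can only recognize what is already in the database, which is the detection gap the last paragraph describes.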