Although rare, targeted malware attacks (e.g., spear-phishing attacks) pose serious and harmful threats to individuals and organizations that store or manage secure or sensitive data. As opposed to worms and viruses that are designed to spread quickly across multiple computing systems, targeted attacks may be tailored and directed to a specific organization or an individual within an organization. For example, an attacker may distribute a seemingly-legitimate email requesting access to sensitive information to an individual known to have access to the information. In another example, an attacker may design malicious software to specifically evade the security measures implemented within a particular computing system. As a result, conventional anti-malware systems that scan messages and other files for known indications of malware may be unable to effectively detect sophisticated and personalized targeted malware attacks.
In addition, even if a traditional anti-malware system is capable of detecting targeted malware attacks, the system may use excessive time and computing resources (compared to detecting other types of malware) in order to detect such advanced attacks. As such, implementing targeted malware attack detection systems across large companies or enterprises may be impractical or ineffective. Accordingly, the current disclosure identifies a need for improved methods for preventing targeted malware attacks.