Viruses, Trojans, spyware, and other kinds of malware are a constant threat to any computing device that requires network connectivity. Many different types of security systems exist to combat these threats, ranging from browser plug-ins to virus scanners to firewalls, and beyond. Countless new instances and permutations of malware are created every day, requiring security systems to be constantly updated. Despite all this, many pieces of malware still manage to infect computing devices and carry out a variety of malicious actions. Some of these pieces of malware may even download other malicious files onto computing devices.
Unfortunately, traditional systems for identifying malicious files may rely on techniques that are quickly adapted to by attackers. For example, traditional systems that identify malicious files via signatures must have an appropriate signature in order to identify a malicious file and may not be effective unless frequently updated. Similarly, traditional systems that detect malicious files based on heuristics may be unable to identify malicious files that have not yet taken malicious actions. In addition, once a piece of malware is identified, traditional systems may not examine related files to determine whether those other files may also be malware. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for identifying malware.