Malicious software generally refers to software code that is hostile, intrusive, or annoying. Malicious software typically comprises computer-executable code, including files, scripts, active content, and other software, and may be in discrete form (such as an executable file), or may be a portion of a larger file (for example, embedded in a larger executable file, document, or script). Malicious software can be designed to disrupt or deny the operation of a computer system or network, obtain information from the system or network, enable unauthorized access to system resources, or exhibit other behavior. The detection of and response to malicious software is of great importance to owners and operators of computer systems and networks, but can be complicated by a number of factors.
Traditional computer vulnerability assessments and incident response procedures typically provide a snapshot view of malicious software threats. Since malicious software can, for example, remain inactive for a period of time, or until it detects an event or receives a command, a snapshot view can be ineffective at detecting it. Furthermore, malicious software can be designed to change itself over time, and such polymorphic malicious software can defeat detection techniques that rely on matching search targets against lists of known malicious software and signatures.