Viruses, Trojans, spyware, and other kinds of malware are a constant threat to any computing device that requires network connectivity. Many different types of security systems exist to combat these threats, ranging from browser plug-ins to virus scanners to firewalls, and beyond. Countless new instances and permutations of malware are created every day, requiring security systems to be constantly updated. Despite all this, many pieces of malware still manage to infect computing devices and carry out a variety of malicious actions.
Unfortunately, traditional systems for identifying malicious files may rely on techniques that are quickly adapted to by attackers. For example, traditional systems that identify malicious files via signatures must have an appropriate signature in order to identify a malicious file and may not be effective unless frequently updated. Similarly, traditional systems that detect malicious files based on heuristics may be unable to identify malicious files that have not yet taken malicious actions. Some traditional systems may be unable to classify a file as malicious or benign until the file has been observed a large number of times. Traditional systems that are unable to immediately identify new malicious files may leave computing devices vulnerable to attack. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for determining the reputations of unknown files.