Computing devices have increasingly become targets of malicious actors through use of malware. Some types of malware, such as viruses, can cause loss of important business or personal data. Other types of malware, such as spyware, can enable malicious actors to gain access to confidential information.
Many malware detection applications use signatures (or malware definitions) to detect malware. For example, an executable file that includes malware may be processed using a hash function to generate a hash value. The hash value may act as a signature of the entire executable file or of a malware portion of the executable file. The signature may be provided to users of a malware detection application via a malware definitions update. During operation, the malware detection application compares a signature of a malware application in the malware definitions to files in memory or to received files to determine whether the files include the malware. One problem with detecting malware in this way is that new malware can be generated very quickly, potentially at a rate that is equal to or greater than distribution of new malware definitions. Accordingly, it is not unusual for a new malware or new malware-containing file to be distributed to many consumers before the consumers receive appropriate malware definitions updates to enable detection of the new malware.