1. Field of the Invention
This invention pertains in general to identification of malicious remote objects and in particular to a cooperative system for detection of potentially malicious remote objects in the transmission path to a client.
2. Description of the Related Art
Conventional attempts to catalogue malicious websites use web crawlers to retrieve pages and classify the pages and their content. However, a malicious web server has control over what content is presented, to whom, and when. Thus, malicious web servers can serve content to a web crawler that appears to be clean, while serving malicious content to end users of the website, using information such as the internet protocol (IP) address of the requestor. Security web crawler IP addresses, e.g., often are published and/or otherwise well known.
Malicious web servers also can block crawler IP addresses, provide malicious data only sometimes (e.g., every X visitor, only on X day of the week, etc.), and lure end users using side channels only, such as instant messenger (IM) and email, rather than via direct links to the malicious content. As a result, conventional Web filters are unable to adequately block malware websites. Thus, the only place guaranteed to provide the same data that the end user is retrieving is the communications path between the end user and the website.