Palo Alto Networks, Inc.
MALWARE DETECTION USING WATERMARK COOKIES

Abstract:

Techniques for malware detection using watermark cookies are disclosed. In some embodiments, a system, process, and/or computer program product for malware detection using watermark cookies includes receiving a sample at a cloud security service; injecting a watermark cookie in a virtual environment to provide a modified virtual environment; detonating the sample in the modified virtual environment, wherein the modified virtual environment is instrumented for monitoring activities associated with the sample during automated malware analysis of the sample; detecting whether the watermark cookie was accessed in the modified virtual environment during the automated malware analysis of the sample; and determining whether the sample is malware based on whether the watermark cookie was accessed in the modified virtual environment.