Palo Alto Networks, Inc.
Using browser context in evasive web-based malware detection

Abstract:

The use of browser context in detecting malware is disclosed. A Uniform Resource Locator (URL) is received from a user and at a client device. The URL is used to request, at the client device, and from a remote server, content. At least a portion of data received from the remote server is provided by the client device to an external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. A maliciousness verdict is received from the external scanner.