
SYSTEM AND METHOD FOR DETECTING DIRECTED ATTACKS TO CORPORATE INFRASTRUCTURE


Abstract

1. A method for detecting malicious objects on a computing device, in which:
a) information about at least one object, including the checksum of the object, is received using a means of detecting suspicious objects;
b) the information about the object is analyzed using the means of detecting suspicious objects, the analyzed object is recognized as suspicious in accordance with the set of heuristic rules used by the means of detecting suspicious objects, and information about the said object is transmitted to the object analysis tool for analysis;
c) the received information about the object is analyzed using the object analysis tool, and the suspicious object is recognized as potentially harmful in accordance with the set of heuristic rules used by the object analysis tool;
d) the potentially harmful object is transmitted to the object analysis tool for analysis, using the means of detecting suspicious objects, based on the results of the analysis of information about the object produced by the object analysis tool;
e) the received potentially malicious object is analyzed using the object analysis tool, and the said object is recognized as malicious if it is similar to an object from the database of malicious objects.

2. The method according to claim 1, wherein the object analysis tool, based on the analysis of the object and the recognition of this object as malicious, generates heuristic rules to be used by the means of detecting suspicious objects and rules for eliminating the consequences of the presence of the said malicious object. The way
