A method of foiling a document exploit type attack on a computer, where the attack attempts to extract malware code from within a document stored on the computer. The method includes monitoring the computer in order to detect repeated function calls made by a given process in respect of the same function but different file descriptors; and in the event that such repeated function calls are detected or the number of such repeated function calls exceeds some threshold, terminating the process that initiated the function calls.
展开▼