Systems and methods for using reputation data to detect shared-object-based security threats

摘要

Computer-implemented methods and systems for using reputation data to detect shared-object-based security threats are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) identifying a process, 2) identifying an executable file associated with the process, 3) identifying at least one shared object loaded by the process, 4) obtaining reputation data for both the executable file and the shared object from a reputation service, 5) determining that the shared object represents a potential security risk by comparing the reputation data for the executable file with the reputation data for the shared object and determining that the reputation data for the shared object is significantly different from the reputation data for the executable file, and then 6) performing a security operation on the shared object. Corresponding server-side methods and systems for identifying malicious shared objects based on reputation data are also disclosed.