Abstract: Protecting a network device from malicious executable code embedded in a computer document. In one embodiment, a method may include detecting executable code embedded in a computer document stored on a network device. The method may also include detecting a potential hoax object in the computer document. The method may further include determining that the potential hoax object is a hoax object by determining that the potential hoax object includes a message enticing a user to enable execution of the executable code. The method may also include, in response to determining that the potential hoax object is a hoax object, concluding that the executable code is malicious and performing a security action on the network device that secures the network device from the malicious executable code.

Abstract: Automatically detecting a malicious file using name mangling strings. In one embodiment, a method may include (a) identifying a file, (b) identifying name mangling strings in the file, (c) concatenating the name mangling strings together, (d) hashing the concatenated name mangling strings to generate a signature for the file, (e) clustering the file with other files with matching signatures into a cluster, (f) determining that any of the files in the cluster is malicious, (g) adding the signature to a list of signatures of files known to be malicious, (f) identifying a network device file stored on a network device, (g) repeating (b)-(d) on the network device file, (h) determining that the signature for the network device file matches any signature in the list of signatures of files known to be malicious, and (i) performing a security action on the malicious file on the network device.

Abstract: A method in a repository coupled to a computer system that generates OLE automation and Interface Definition Language ("IDL") interfaces from metadata (i.e., information about data). Visual Basic programming language is used to develop a tool that generates the automation binding from the metadata in the repository. The method extends C++ programming language binding across networks, independent of the Object Request Broker (ORB) being used. A schema is provided that maps the types and features of a repository to OLE automation and member functions for Windows. The method also integrates the Application Programming Interface (API) of a repository with Windows scripting programming languages through Object Linking and Embedding (OLE).