Abstract: One or more techniques and/or systems are provided for file acquisition for reputation evaluation. A reputation service may be configured to evaluate files and provide reputations of such files to clients (e.g., an indication as to whether a file is safe or malicious). If the reputation service receives a reputation request for a file that is unknown to the reputation service (e.g., a file not yet fully acquired by the reputation service), then the reputation service may identify a set of chunks into which the file can be partitioned. The reputation service may obtain chunks from various clients, such as a first chunk from a first client and a second chunk from a second client. Such chunks may be evaluated to assign a reputation to the file. In this way, the reputation service may retrieve portions of a file in a distributed manner for reputation evaluation.

Abstract: One or more techniques and/or systems are provided for file acquisition for reputation evaluation. A reputation service may be configured to evaluate files and provide reputations of such files to clients (e.g., an indication as to whether a file is safe or malicious). If the reputation service receives a reputation request for a file that is unknown to the reputation service (e.g., a file not yet fully acquired by the reputation service), then the reputation service may identify a set of chunks into which the file can be partitioned. The reputation service may obtain chunks from various clients, such as a first chunk from a first client and a second chunk from a second client. Such chunks may be evaluated to assign a reputation to the file. In this way, the reputation service may retrieve portions of a file in a distributed manner for reputation evaluation.

Abstract: In one embodiment, an intelligent detection system 102 may determine if a network target 108 is an adversarial site based on comparing responses to different network sources. The intelligent detection system 102 may select a test apparent network source 110 and a control apparent network source 112 from a network source pool 106. The intelligent detection system 102 may receive the test response responding to a test request from the test apparent network source 110 to a network target 108. The intelligent detection system 102 may receive the control response responding to a control request from the control apparent network source 112 to the network target 108. The intelligent detection system 102 may execute a comparison of the test response to the control response.

Abstract: In one embodiment, an intelligent detection system 102 may determine if a network target 108 is an adversarial site based on comparing responses to different network sources. The intelligent detection system 102 may select a test apparent network source 110 and a control apparent network source 112 from a network source pool 106. The intelligent detection system 102 may receive the test response responding to a test request from the test apparent network source 110 to a network target 108. The intelligent detection system 102 may receive the control response responding to a control request from the control apparent network source 112 to the network target 108. The intelligent detection system 102 may execute a comparison of the test response to the control response.

Abstract: Described is a technology by which phishing-related data sources are processed into aggregated data and a given site evaluated the aggregated data using a predictive model to automatically determine whether the given site is likely to be a phishing site. The predictive model may be built using machine learning based on training data, e.g., including known phishing sites and/or known non-phishing sites. To determine whether an object corresponding to a site is likely a phishing-related object are described, various criteria are evaluated, including one or more features of the object when evaluated. The determination is output in some way, e.g., made available to a reputation service, used to block access to a site or warn a user before allowing access, and/or used to assist a hand grader in being more efficient in evaluating sites.

Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Abstract: Phishing detection, prevention, and notification is described. In an embodiment, a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email message, from a domain. A phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain. In another embodiment, a Web browsing application receives content, such as data for a Web page, from a network-based resource, such as a Web site or domain. The Web browsing application initiates a display of the content, and a phishing detection module detects a phishing attack in the content by determining that a domain of the network-based resource is similar to a known phishing domain, or that an address of the network-based resource from which the content is received has suspicious network properties.

Abstract: Disclosed are systems and methods that facilitate spam detection and prevention at least in part by building or training filters using advanced IP address and/or URL features in connection with machine learning techniques. A variety of advanced IP address related features can be generated from performing a reverse IP lookup. Similarly, many different advanced URL based features can be created from analyzing at least a portion of any one URL detected in a message.