Abstract: Systems and methods are described for mitigation of time-delay based network attacks that seek to avoid detection by email security solutions employing sandboxing. According to one embodiment, a potentially malicious link associated with a communication is received from a computer system by a sandbox device. A link evasion technique, in which a first file to which the potentially malicious link points to at a first time is replaced with a second file on or before a second time, is subverted by the sandbox by evaluating the potentially malicious link at multiple times including generating a first hash value of the contents of the first file, generating a second hash value of the contents of the second file, assigning a threat level to the communication when the hash values differ, and informing the computer system of the threat level assigned to the communication.

Abstract: Systems and methods are described for mitigation of time-delay based network attacks that seek to avoid detection by email security solutions employing sandboxing. According to one embodiment, a potentially malicious link associated with a communication is received from a computer system by a sandbox device. A link evasion technique, in which a first file to which the potentially malicious link points to at a first time is replaced with a second file on or before a second time, is subverted by the sandbox by evaluating the potentially malicious link at multiple times including generating a first hash value of the contents of the first file, generating a second hash value of the contents of the second file, assigning a threat level to the communication when the hash values differ, and informing the computer system of the threat level assigned to the communication.

Abstract: Systems and methods for mitigation of time-delay based network attacks are provided. According to one embodiment, an email directed to a user of an enterprise and containing a potentially malicious link is received by a mail server of the enterprise. At a first time, a file to which the potentially malicious link points is evaluated within a sandbox environment and a first hash value is generated based on contents of the file. At a second time, evaluating, by the sandbox environment, a second file to which the potentially malicious link points, including downloading the second file to which the potentially malicious link points to at the second time and generating a second hash value based on contents of the second file. When the two hash values differ, then the second file is treated as a suspicious or high risk file or is evaluated within the sandbox environment.

Abstract: Systems and methods for mitigation of time-delay based network attacks are provided. According to one embodiment, an email directed to a user of an enterprise and containing a potentially malicious link is received by a mail server of the enterprise. At a first time, a file to which the potentially malicious link points is evaluated within a sandbox environment and a first hash value is generated based on contents of the file. At a second time, a file to which the potentially malicious link points is again evaluated, including downloading the file to which the potentially malicious link points to at the second time and generating a second hash value based on contents of the file. When the two hash values differ, then the file is treated by the mail server as a suspicious or high risk file or is caused to be evaluated within the sandbox environment.