Abstract: Disclosed are various systems, methods, and other embodiments directed to detection of malware in content items. To detect the malware, for example, one or more content items are identified in association with the rendering of a network page in a simulated environment. A plurality of tests are applied to the one or more content items to detect an existence of malware associated with the content items.

Abstract: Disclosed are various systems, methods, and other embodiments directed to detection of malware in content items. To detect the malware, for example, one or more content items are identified in association with the rendering of a network page in a simulated environment. A plurality of tests are applied to the one or more content items to detect an existence of malware associated with the content items.

Abstract: Disclosed are various systems, methods, and other embodiments directed to detection of malware in content items. To detect the malware, for example, one or more content items are identified in association with the rendering of a network page in a simulated environment. A plurality of tests are applied to the one or more content items to detect an existence of malware associated with the content items.

Abstract: A policy-driven automatic network remediation service is described, which resides on the network and is triggered when a network fault is detected. Once triggered, the service automatically connects to network devices in the topological locale of the detected fault and collects diagnostic information from the affected area, running diagnostics which are appropriate to the fault type. The service can validate a set of preconditions prior to taking remedial action. For example, the service can empirically validate that the network topology is actually as expected and that automatic remediation would be safe and would not compromise network availability or redundancy. Diagnostic information can be recorded in a trouble ticket to support post-event auditing. Once the preconditions have been validated, the service can automatically take corrective action based on the type of the fault, such as shutting down an interface on a particular network device.

Abstract: Disclosed are various embodiments for determining a source of malware. At least one embodiment of a method includes receiving browsing data from a plurality of client devices, the data being sent by the plurality of client devices, in response to a determination of malware on the plurality of client devices and determining, from the browsing data, a source for the malware. Further, some embodiments include determining whether the source for the malware is associated with a predetermined network site and in response to determining that the source of the malware is associated with a predetermined network site, preventing download of at least a portion of the predetermined network site.

Abstract: Disclosed are various systems, methods, and other embodiments directed to detection of malware in content items. To detect the malware, for example, an environment is simulated in a computing device configured to render a network page having a container for content placement. The existence of malware in a content item is detected in the computing device by implementing a rendering of the network page in the environment with the content item inserted in the container to detect an unauthorized action by the content item.

Abstract: Techniques described and suggested herein include systems and methods for identifying potential sources of infections of devices by unauthorized code. In an embodiment, network traffic is logged. A plurality of computing devices that include unauthorized code is identified. The logged traffic is used to identify information sources accessed by the identified affected devices. The identified information sources may be refined. Refinement of the identified information sources may include excluding information sources that have been accessed by uninfected devices. A user interface that allows a user to further refine the identified information sources may be provided.

Abstract: Disclosed are various embodiments for determining a source of malware. At least one embodiment of a method includes receiving browsing data from a plurality of client devices, the data being sent by the plurality of client devices, in response to a determination of malware on the plurality of client devices and determining, from the browsing data, a source for the malware. Further, some embodiments include determining whether the source for the malware is associated with a predetermined network site and in response to determining that the source of the malware is associated with a predetermined network site, preventing download of at least a portion of the predetermined network site.