Abstract: Protecting a network device from malicious executable code embedded in a computer document. In one embodiment, a method may include detecting executable code embedded in a computer document stored on a network device. The method may also include detecting a potential hoax object in the computer document. The method may further include determining that the potential hoax object is a hoax object by determining that the potential hoax object includes a message enticing a user to enable execution of the executable code. The method may also include, in response to determining that the potential hoax object is a hoax object, concluding that the executable code is malicious and performing a security action on the network device that secures the network device from the malicious executable code.

Abstract: Automatically detecting a malicious file using name mangling strings. In one embodiment, a method may include (a) identifying a file, (b) identifying name mangling strings in the file, (c) concatenating the name mangling strings together, (d) hashing the concatenated name mangling strings to generate a signature for the file, (e) clustering the file with other files with matching signatures into a cluster, (f) determining that any of the files in the cluster is malicious, (g) adding the signature to a list of signatures of files known to be malicious, (f) identifying a network device file stored on a network device, (g) repeating (b)-(d) on the network device file, (h) determining that the signature for the network device file matches any signature in the list of signatures of files known to be malicious, and (i) performing a security action on the malicious file on the network device.