Applications of a binary search engine based on an inverted index of byte sequences
US-2018196944-A1 · Jul 12, 2018 · US
US11222113B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-11222113-B1 |
| Application number | US-201916363709-A |
| Country | US |
| Kind code | B1 |
| Filing date | Mar 25, 2019 |
| Priority date | Mar 25, 2019 |
| Publication date | Jan 11, 2022 |
| Grant date | Jan 11, 2022 |
Official abstract text for this publication.
Methods and systems are provided for automatically generating malware definitions and using generated malware definitions. One example method generally includes receiving information associated with a malicious application and extracting malware strings from the malicious application. The method further includes filtering the malware strings using a set of safe strings to produce filtered strings and scoring the filtered strings to produce string scores by evaluating words of the filtered strings based on word statistics of a set of known malicious words. The method further includes selecting a set of candidate strings from the filtered strings based on the string scores and generating a malware definition for the malicious application based on the set of candidate strings. The method also includes performing one or more security actions to protect against the malicious application, using the malware definition.
Claims.
What is claimed is:

1. A computer-implemented method for automatically generating and using malware definitions, at least a portion of the method being performed by a computing device comprising one or more processors, the method comprising: receiving information associated with a malicious application; extracting malware strings from the malicious application; filtering the malware strings using a set of safe strings to produce filtered strings; scoring the filtered strings to produce string scores by evaluating words of the filtered strings based on a frequency of appearance of a set of known malicious words; selecting a set of candidate strings from the filtered strings based on the string scores; generating a malware definition for the malicious application based on the set of candidate strings; and performing one or more security actions to protect against the malicious application, using the malware definition.

2. The method of claim 1, wherein generating the malware definition for the malicious application comprises generating and combining logical rules for enforcement by a security application.

3. The method of claim 1, further comprising performing a false positive and false negative verification on the malware definition.

4. The method of claim 3, further comprising publishing the malware definition to a plurality of publication targets.

5. The method of claim 1, further comprising, prior to scoring the filtered strings, segmenting the filtered strings using a dictionary of malware terms.

6. The method of claim 1, wherein the set of known malicious words comprises: words derived from a set of known malicious strings; and words derived from at least one existing malware definition.

7. The method of claim 1, wherein performing the one or more security actions comprises performing malware monitoring on the computing device.

8. The method of claim 1, wherein segmenting the filtered strings using a dictionary of malware terms comprises: reducing inflected words to their root form.

9. A computing device for automatically generating and using malware definitions, comprising: at least one processor; and a memory coupled to the processor, wherein the processor is configured to: receive information associated with a malicious application; extract malware strings from the malicious application; filter the malware strings using a set of safe strings to produce filtered strings; score the filtered strings to produce string scores by evaluating words of the filtered strings based on a frequency of appearance of a set of known malicious words; select a set of candidate strings from the filtered strings based on the string scores; generate a malware definition for the malicious application based on the set of candidate strings; and perform one or more security actions to protect against the malicious application, using the malware definition.

10. The computing device of claim 9, wherein the processor is configured to generate the malware definition for the malicious application by generating and combining logical rules for enforcement by a security application.

11. The computing device of claim 9, wherein the processor is further configured to perform a false positive and false negative verification on the malware definition.

12. The computing device of claim 11, wherein the processor is further configured to publish the malware definition to a plurality of publication targets.

13. The computing device of claim 9, wherein the processor is further configured to, prior to scoring the filtered strings, segment the filtered strings using a dictionary of malware terms.

14. The computing device of claim 9, wherein the set of known malicious words comprises: words derived from a set of known malicious strings; and words derived from at least one existing malware definition.

15. The computing device of claim 9, wherein the processor is configured to perform the one or more security actions by performing malware monitoring.

16. The computing device of claim 9, wherein the processor is further configured to: reduce inflected words to their root form.

17. A non-transitory computer-readable medium having instructions stored thereon which, when executed by at least one processor of a computing device, perform operations for automatically generating and using malware definitions, the operations comprising: receiving information associated with a malicious application; extracting malware strings from the malicious application; filtering the malware strings using a set of safe strings to produce filtered strings; scoring the filtered strings to produce string scores by evaluating words of the filtered strings based on a frequency of appearance of a set of known malicious words; selecting a set of candidate strings from the filtered strings based on the string scores; generating a malware definition for the malicious application based on the set of candidate strings; and performing one or more security actions to protect against the malicious application, using the malware definition.

18. The computer-readable medium of claim 17, wherein generating the malware definition for the malicious application comprises generating and combining logical rules for enforcement by a security application.

19. The computer-readable medium of claim 17, wherein the operations further comprise: prior to scoring the filtered strings, segmenting the filtered strings using a dictionary of malware terms; performing a false positive and false negative verification on the malware definition; and publishing the malware definition to a plurality of publication targets.

20. The computer-readable medium of claim 17, wherein the set of known malicious words comprises: words derived from a set of known malicious strings; and words derived from at least one existing malware definition.
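The abstract and claims describe one pipeline: extract printable strings from the sample, drop those found in a safe-string set, segment the rest into word roots using a malware-term dictionary (with inflected forms reduced to a root, claims 5 and 8), score each string by how often its words occur in a set of known malicious words built from known malicious strings and an existing definition (claim 6), keep the best-scoring candidates, combine them into logical rules (claim 2), and verify the result for false positives and false negatives before publishing (claims 3 and 4). The Python below is an added illustration of that sequence written for this page; it is not the patentee's implementation and the page gives no formula or thresholds. The word lists, the three sample binaries, the mean-frequency score, the top-k cutoff, the crude suffix stemmer and the YARA-style rule shape are all assumptions chosen for the example.

```python
"""Added illustration of string-based malware definition generation:
extract -> filter -> segment -> score -> select -> rule -> verify.
Not the patentee's code; all word lists, samples and thresholds are constructed."""
import re
from collections import Counter

MIN_LEN = 6
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# Constructed safe strings (what a goodware corpus would contribute).
SAFE_STRINGS = {"This program cannot be run in DOS mode.", "kernel32.dll", "GetProcAddress"}
# Constructed dictionary of malware terms used to segment strings (claim 5).
MALWARE_TERMS = {"keylog", "inject", "ransom", "encrypt", "payload", "exfil", "persist"}
# Constructed sources of known malicious words (claim 6): known malicious strings
# plus the string literals of one existing definition.
KNOWN_MALICIOUS_STRINGS = ["keylogger installed", "inject shellcode payload",
                           "decrypt key once ransom paid", "files encrypted",
                           "persistence via run key"]
EXISTING_DEFINITION_STRINGS = ["encrypted", "ransom_note", "inject"]

# Constructed samples: the malicious application, a variant, and a benign backup tool.
MALWARE_BLOB = b"\x00".join([b"MZ\x90", b"This program cannot be run in DOS mode.",
    b"kernel32.dll", b"GetProcAddress", b"KeyloggerStart", b"inject payload into explorer",
    b"ransom_note.txt", b"Your files are encrypted", b"C:\\Users\\Public\\persist.exe"])
VARIANT_BLOB = b"\x00".join([b"This program cannot be run in DOS mode.",
    b"inject payload into explorer", b"ransom_note.txt", b"dropper v2"])
BENIGN_BLOB = b"\x00".join([b"This program cannot be run in DOS mode.", b"kernel32.dll",
    b"GetProcAddress", b"Your files are encrypted and backed up to the cloud", b"BackupScheduler"])


def extract_strings(blob: bytes) -> list[str]:
    """Like the `strings` tool: printable ASCII runs of MIN_LEN or more bytes."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def stem(word: str) -> str:
    """Crude suffix stripping so inflected forms share a root (claim 8); assumed, not the patent's."""
    for suffix in ("ing", "ed", "er", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            return word[: -len(suffix)]
    return word


def segment(s: str) -> list[str]:
    """Split on camelCase and non-alphanumerics; map each token to the longest
    malware term it starts with, otherwise to its stemmed form."""
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", " ", s)
    roots = []
    for tok in re.findall(r"[A-Za-z][A-Za-z0-9]+", spaced):
        tok = tok.lower()
        term = max((t for t in MALWARE_TERMS if tok.startswith(t)), key=len, default=None)
        roots.append(term or stem(tok))
    return roots


def malicious_word_stats(known_strings, definition_strings) -> Counter:
    """Word frequencies over known malicious strings and existing-definition literals."""
    stats = Counter()
    for s in list(known_strings) + list(definition_strings):
        stats.update(segment(s))
    return stats


def score_string(s: str, stats: Counter) -> float:
    """Mean frequency of the string's word roots in the malicious word statistics.
    Dividing by word count is an assumption: it stops long, mostly benign strings
    from outscoring short, dense ones."""
    words = segment(s)
    return sum(stats[w] for w in words) / len(words) if words else 0.0


def _yara_escape(s: str) -> str:
    return s.replace("\\", "\\\\").replace('"', '\\"')


def render_rule(name: str, candidates: list[str], min_match: int) -> str:
    """Combine the candidates into one YARA-style rule (claim 2); rule shape is assumed."""
    lines = [f"rule {name}", "{", "    strings:"]
    lines += [f'        $s{i} = "{_yara_escape(s)}"' for i, s in enumerate(candidates)]
    lines += ["    condition:", f"        {min_match} of them", "}"]
    return "\n".join(lines)


def build_definition(blob: bytes, name: str, k: int = 3, min_score: float = 0.5, min_match: int = 2):
    """Full pipeline: returns (candidate strings, rule text). k/min_score/min_match are assumed."""
    stats = malicious_word_stats(KNOWN_MALICIOUS_STRINGS, EXISTING_DEFINITION_STRINGS)
    filtered = [s for s in extract_strings(blob) if s not in SAFE_STRINGS]  # exact-match safe filter
    scored = [(s, score_string(s, stats)) for s in filtered]
    ranked = sorted((p for p in scored if p[1] >= min_score), key=lambda p: (-p[1], p[0]))
    candidates = [s for s, _ in ranked[:k]]
    return candidates, render_rule(name, candidates, min_match)


def rule_matches(candidates: list[str], blob: bytes, min_match: int) -> bool:
    """Stand-in for the scanner: evaluates the same 'N of them' condition the rule states."""
    return sum(c.encode("ascii") in blob for c in candidates) >= min_match


def verify(candidates, malicious_samples, benign_samples, min_match: int = 2):
    """False-negative / false-positive check before publishing (claim 3)."""
    fn = sum(not rule_matches(candidates, b, min_match) for b in malicious_samples)
    fp = sum(rule_matches(candidates, b, min_match) for b in benign_samples)
    return fn, fp


if __name__ == "__main__":
    cands, rule = build_definition(MALWARE_BLOB, "Constructed_Sample")
    print(rule)
    print("FN/FP at 2 of them:", verify(cands, [MALWARE_BLOB, VARIANT_BLOB], [BENIGN_BLOB], 2))
    print("FN/FP at 1 of them:", verify(cands, [MALWARE_BLOB, VARIANT_BLOB], [BENIGN_BLOB], 1))
```

Running it shows why the verification step in claim 3 matters: the benign sample contains the literal "Your files are encrypted" inside a longer backup message, so a rule that fires on any single candidate produces a false positive, while the "2 of them" condition still catches the variant that shares only two of the three strings. In a real deployment the safe set would be built from string hashes over a goodware corpus rather than the exact-match set used here.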
CPC classification titles:
- eliminating virus, restoring damaged files
- by source code analysis
- using dedicated hardware
- Test or assess software