A method of detecting malicious code in computer readable code includes performing an initial determination to determine whether a first portion of the computer readable code may potentially have malicious code and if it is determined that the computer readable code potentially has malicious code, performing another determination to determine whether a second portion not including the first portion of the computer readable code has malicious code.