The invention discloses a converged communication malicious software identification method and system, and aims to solve the problems in the prior art that malicious software detection efficiency and accuracy are low; the method comprises the following steps: restoring original network dataflow so as to obtain all software samples and all network logs; using a prestored software sample database to couple all obtained software sample, and taking the software sample, failed in coupling, as the first suspected malicious software sample; extracting network behavior vector of each user according to all network logs, respectively calculating similarity with P rule vectors in a suspected malicious software network behavior database, and further selecting the software corresponding to the suspected malicious software network behavior as the second suspected malicious software sample; identifying each sample in the first and second suspected malicious software samples, selecting the malicious software, thus fast and accurately identifying converged communication system malicious software, and taking related measures.