The Internet is a worldwide public system of computer networks providing information, shopping capabilities and other kinds of business opportunities accessible to tens of millions of people worldwide. The most widely used part of the Internet is the World Wide Web, often abbreviated “WWW” or simply referred to as just “the web.” The web is an Internet service that organizes information through the use of hypermedia. The HyperText Markup Language (“HTML”) is typically used to specify the contents and format of a hypermedia document (e.g., a web page). Other popular formats to display contents of a web page are JAVA™, the Portable Document Format (PDF), AJAX, Adobe Flash or Microsoft Silverlight. Hypertext links refer to other documents by their uniform resource locators (URLs). A client program, known as a browser, e.g. MICROSOFT® INTERNET EXPLORER®, GOOGLE® CHROME®, MOZILLA® FIREFOX®, APPLE® SAFARI®, runs on the user's computer and is used to render the content of a web page and display it in human readable form. The browser is also used to follow a link, e.g., send a query to the web server.
Browser extensions are small programs that extend the default functionality of the browsers. Such extensions can help a user to manage his passwords for the access of different websites that require a password (single sign on), to block ads or ad tracking services or to display the reputation of search results. A browser extension may provide a toolbar on the browser user interface.
Browser extensions initially provided useful features or customizations to browsers. However, browser extensions have been misused in an increasing scale over the last years. For example, many extension authors started to use extensions in order to collect private information or to hijack the browser settings for homepage and search provider in order to earn money. Many of these unwanted extensions are not actively searched for and installed by a user, but instead come bundled with other software a user wants to install and are typically offered as an opt-out to the desired software.
A large number of these undesirable browser extensions come as opt-out offers bundled together with valuable software and behave in a similar manner to other known forms of malware, but they come with an end-user license agreement (EULA). Therefore it is difficult for a conventional anti-virus program to flag these bundled applications as malware.