Attackers use malicious software (malware) to attack users and networks. Malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, crimeware, and phishing websites. Malware can, for example, surreptitiously capture important information such as logins, passwords, bank account identifiers, and credit card numbers. Similarly, the malware can provide hidden interfaces that allow the attacker to access and control the compromised computer. Other forms of attack spoof user interaction while at the same time extracting or encrypting valuable information.
In response to the increasing difficulty of detecting malware and attackers, security software is evolving. Security approaches fall into the categories of prevention (rotating passwords, building stronger firewalls, etc.) and detection, whereby a security system attempts to detect user behavior outside the norm.
The latter approach may be seen in web-based email programs: if a user logs in from a new geography, the user is challenged to provide a password or to proceed through a dual authentication protocol. This works in some instances, but it does not account for detection once a user's login information has already been compromised and an attacker is inside the system.