As the web browser is becoming the most frequently used application on a personal computer, and as more user confidential data is being entered through the web browser, such as banking and shopping transactions, malicious attacks are being increasingly focused on the web browser. There is an increasing number of malicious exploits that can install malicious code, such that a malicious browser extension persists on a target computer system. For a malicious browser extension to persist on a computer system, typically a malicious file is created so that the malicious extension persists on the disk, and a registry entry associated with the malicious browser extension is created to notify the web browser that a browser extension has been registered with the operating system.
Thus, for example, if a user enters user confidential data into a form field of a web page, and a malicious browser extension is present on the web browser, when the malicious browser extension receives an event, the malicious browser extension potentially has the ability to access and modify the content of the event. For example, the malicious browser extension can copy or modify the user confidential data, such as a bank account routing number in the post data parameter of the event, resulting in compromise of the user confidential data.
To protect consumers and service providers, many software and hardware solutions have been proposed or developed. These methods in general enhance online authentication, but they implicitly assume that the web browser, the most prevalent tool for online activities, is secure. Also, these solutions are not directed at providing protection against the malware installation process.
Another problem of existing solutions is the fact that in order to classify an *.exe file as malicious or benign, protective tools have to scan its content. Sometimes this process may take more time than a malicious file requires to install itself. This limitation may result in unavoidable damage to the infected system.
To address this problem and to protect users from being exploited while browsing the web, browser infection detection tools are required.
It is therefore an object of the present invention to provide a system which is capable of detecting behavior associated with malware.
It is another object of the present invention to provide a system capable of preventing the complete installation of malware.
Other objects and advantages of the invention will become apparent as the description proceeds.