Malicious programmers are constantly attempting to exploit computing systems by creating malicious software programs (malware), such as viruses, worms, and Trojan horses. In some situations, malicious programmers may try to hide malware on computing systems so that it will be overlooked or ignored by computer security programs. For example, malicious programmers may name a malicious process using a name that is confusingly similar to the name of a non-malicious process. For instance, a developer may name a malicious process “egresss.exe,” which may be confusingly similar to a non-malicious process named “egress.exe.” In this example, the malicious programmer may fool a user or security program into allowing the malicious process to execute since the name of the malicious process only differs from the name of the non-malicious process by a single letter.
In another example, a malicious programmer may name a malicious process using the same name as a non-malicious process, but may cause the malicious process to run from an unexpected file location. For example, a malicious programmer may cause the process “egress.exe” to execute from the file location “C:\temp\” instead of the expected execution location “C:\program files\egress\”. In this example, the malicious programmer may fool a user or a security program into allowing the malicious process to run since the malicious process uses the same name as the non-malicious process, even though the malicious process may execute from a file location that is different from the non-malicious process.