Over the course of the past two decades, society has come to be heavily reliant on the Internet. The Internet is a global network of interconnected computers, enabling users to share information along multiple channels. Unfortunately, not all of the shared information is beneficial. In fact, a large number of computers connected to the global network provide fraudulent or dangerous material to the rest of the network. One type of dangerous material is malware. The term “malware” is a derivation of the terms “malicious” and “software.” As the term would ordinarily indicate, malware is software designed to infiltrate or damage a computer system without the owner's knowledge or consent, although the term is generally understood to include a variety of forms of hostile, intrusive, or annoying software or program code, including computer viruses, worms, trojan horses, spyware, and the like.
Malware can be installed on vulnerable computers in many ways. Simply accessing a website can expose a user's computer to information including, source code, images, cookies, and the like. In a similar instance, malware may infect a system by exploiting bugs found within the memory of an operating system. In the case of malicious sites, accessing the site could immediately prompt the user's computer to receive malware into the system memory. In another instance, malware may infiltrate a system when an email attachment is opened. In these cases, malware can be distributed along with a complimentary device that is also malicious.
One such example of a complimentary malicious activity is phishing. At its most basic, phishing is the process of attempting to acquire sensitive user information, such as user names, passwords, or credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing has become a growing public concern, and unfortunately, the act can take a variety of forms and methods. In one example, a “phisher” can contact an internet user through an email soliciting personal or financial information. The contact email can often resemble a communication from a well-known entity with whom the user has a pre-existing relationship. The fake email can solicit the user to either directly enter sensitive information, such as a credit card number, PIN number, password, or the like, in a reply email or in some instances to follow a link to a fake website where sensitive information would be requested. This fake website often mirrors the website of the well-known entity the phisher is attempting to resemble. In one example, the soliciting email would appear to be from the user's bank or any other entity with whom the user has an account. The emails sent by phishers often appear to be completely legitimate.
In addition to the danger of the phishing scheme itself, malware could be included in the attempt. The phishing email could contain malware objects or the fake website behind the phishing attempt could contain malware. In these instances, malware could be installed simply by visiting the fake website. As a result of the ease with which malware can infect an operating system, it is difficult for individuals and businesses to protect themselves from malicious software designers and phishers.