The present disclosure relates generally to information handling systems, and more particularly to a method, computer software, and system for providing online security protection against identity theft and fraud, hereinafter referred to as Online Theft, during an online transaction with an information handling system. When a user goes to a web site to perform an online transaction, the user is asked to provide personal identification information and personal financial information. Hackers use Trojan Horses (“Trojans”) to steal this information from the user. The hacker can then use this information to commit theft or fraud against the user, usually an individual or small business initiating the transaction, or against the organization hosting the transaction. This disclosure presents a method, computer software, and system that can be provided to users so that they and the companies they do business with are automatically protected from this form of Online Theft.
The disclosure is novel because it protects users at the very moment of risk to Online Theft and it protects them automatically without the users having to install software, configure software or perform complex operations to protect themselves. An online transaction must be protected throughout the different portions of the network that are used to complete it. While there currently exist adequate measures to protect the enterprise hosting the transaction and to protect the network traffic between the end user and the enterprise, there are not adequate security measures to protect the end user's system from being compromised by a hacker seeking to perform Online Theft. The disclosure is significant because it provides the last portion of protection required to secure an online transaction.
To date, online transactions are secured at the enterprise server by a variety of enterprise security measures such as firewalls and Network Intrusion Detection Systems. These security measures protect the information handling system initiating the transaction, hereinafter referred to as the client computer, from hackers who have compromised the various web servers, application servers or database servers used to execute the transaction. The online transaction is also protected as it traverses the network by end to end encryption. Encryption protects the user from hackers who might capture the messages sent back and forth across the network by tapping into the systems and links that are used to connect the user's computer to the enterprise hosting the transaction. But the weak link in protecting an online transaction has been the lack of adequate security at the endpoint, i.e. at the client computer where the online transaction is initiated. The present disclosure provides security at the endpoint by detecting Trojan Horses that are used by hackers to infect the endpoint. The endpoint is protected automatically whenever a user initiates an online transaction in which the user discloses confidential information that could subject to Online Theft. The present disclosure thereby ensures end to end online transaction security.
Trojan Horses (“Trojans”) are a particular type of malicious code. Malicious code is code that executes on an information handling system, typically a computer, but it can also be a Personal Digital Assistant or other information handling device, and is intended to damage the computer, secretly collect information from the computer, alter the computer without the permission of the computer's user, or use the computer against the wishes of the computer's user. The Trojan horse is executable code that can exist in one of many forms. For example, some but not all of the forms that Trojans can be instantiated in executable code are as one or more programs, threads inside other programs, plugins or shared modules loaded by other programs, or modules loaded into operating system kernel memory in the manner of a device driver or loadable kernel module. A Trojan is a form of malicious code that enables a person to remotely control someone else's computer. The person who remotely controls the computer is hereinafter referred to as the “Evil Hacker” or simply the “hacker” while the person whose computer is being remotely controlled is hereinafter referred to as the “Innocent Victim”. BackOrifice2000, SubSeven, NetBus and OptixPro are all examples of Trojans. Trojans are sometimes referred to as “back-doors” or “hacker back-doors.”
Most Trojans have two components, the client program (Trojan Client) that is run on the Evil Hacker's computer and the server program Trojan Server) that is run on the Innocent Victim's computer. Some Trojans have only a Trojan Server that can be remotely controlled through manually entered commands rather than through the programmatic interface of a Trojan Client.
There are many ways to infect a computer with a Trojan including sending the Innocent Victim the Trojan Server disguised as a valid program, copying the Trojan Server onto the Innocent Victim's computer, or exploiting a vulnerability in the Innocent Victim's computer to place the Trojan Server on the computer.
A Trojan Horse is a tool that hackers frequently use to perform Online Theft. In order to perform an online transaction, a user must go to a particular web site, hereinafter referred to as the Transaction Portal, where the transaction is hosted. The user must then identify himself. This is typically done through a login procedure in which the user enters his username and password. If the transaction involves financial payment, then the user must also provide other personal financial information. Even if the user does not enter in additional financial or personal information, this information may be sent from the server performing the transaction to the end user so that it can then be seen by a hacker.
If the innocent victim computer is performing such an online financial transaction, the evil hacker can use the Trojan Horse to capture the username and password of the innocent victim or any other confidential personal or financial data. Once the username and password are known to the evil hacker (identity theft), the hacker can log in from the innocent victim's computer or any other computer and transfer funds from the innocent victim's account (financial theft) and it will appear as though the transaction is a valid one. If the user has provided personal financial information such as a credit card number, then the hacker can also perform financial theft and fraud by using this information elsewhere.
Also, the evil hacker can simply remotely control the innocent victim's computer during the online banking session without reusing the username and password by taking over the session and performing a seemingly valid transaction from the innocent victim's computer. Another way for the evil hacker to commit fraud is for the hacker to login from a completely different system while using the identity of the innocent victim, and using the information gathered by the Trojan Horse, to perform a transaction from that system.
Anti-Trojan programs that are intended to prevent Trojans used for Online Theft may have previously been installed on the innocent victim's computer. Nevertheless, even if the anti-Trojan program has been installed previously, the parties to the transaction cannot be certain that the program is still working at the time the transaction is executed. Therefore, to protect the parties involved in the transaction, it is necessary to ensure that a method for detecting malicious code used for Online Theft is available at the time the transaction is executed.
Accordingly, it is desirable to provide an improved method for detecting Trojans in a computer system whenever a user about to perform an online transaction and is, therefore, at risk of online theft.