Software that is designed to be harmful to a computer system or network may be known as malicious software or malware. Malicious software may come in various forms, such as computer worms, computer viruses, Trojan horses, spyware, adware, rootkits, keystroke loggers, and browser helper objects.
A computer worm may be a standalone malware computer program. The computer program may be designed to replicate itself and spread to other computers within a network.
A computer virus may be a malicious segment of code. The malicious segment of code may be configured to insert itself into an existing computer program, data files or the boot sector of the computer's hard drive, thereby maliciously modifying the host system.
Trojan horses may also be known as Trojans. A Trojan may be a malicious computer program that misleads users as to its true intent. Trojans may be spread using social engineering, i.e., duping users into executing a malicious email attachment. Unlike computer viruses and worms, Trojans typically do not inject themselves into computer files or programs. Trojans may be used to exploit their host computers, and to use their host computers as proxy servers in order to execute an attack on third-party computers.
Spyware may be software that gathers information about a first entity without the first entity's knowledge or consent. Spyware may send or sell the gathered information to a second entity without the first entity's consent.
Adware may also be known as advertising-supported software. Adware may include software that presents unwanted advertisements. The adware may appear in various forms, such as a pop-up window or an “unclosable window.”
A rootkit may be a collection of malicious software. The collection of software may be designed to enable a remote accessor to access a computer, or sectors of a computer, that the remote accessor would otherwise be banned from accessing. Once the remote accessor has gained access to the computer, the remote accessor may maintain privileged access to the computer system without the computer user's knowledge. The remote accessor may utilize that access to perform various unauthorized functions, such as stealing passwords, credit card information and computing resources, and manipulating APIs (application programming interfaces).
Keystroke logging, which may also be referred to as keylogging, or keyboard capturing, may include recording, or logging, the keys struck on a keyboard. Generally, the recording is executed without the keyboard user's knowledge. The recorded keystrokes may enable an unauthorized user to steal passwords and access other information which may contribute to identity theft.
A Browser Helper Object, or BHO, may be a library module designed for a web browser to provide added functionality. Examples of legitimate BHOs include the Adobe™ PDF document conversion toolbar and the Google™ search toolbar. The BHO API, used to create a BHO, exposes hooks that enable access to the document object model of the current page and that control navigation. An installed malware-based BHO may activate upon detecting a secure HTTP connection. The BHO may steal information during the user's secure connection with a secured website.
Conventionally, malicious software is difficult to uproot from within a networked environment. A networked environment may include many branches as well as many layers of both hardware and software. Although one branch or layer affected by the malicious software may be cleaned of the malicious software, other affected branches or layers may, unfortunately, often retain residual remains of the malicious software. The residual remains may cause damage to the network and/or generate malicious software, which may infiltrate the previously-cleaned branches and/or layers. Continuous cleaning without being able to destroy, and/or remove, the malicious software may strain the system's resources and may eventually cause the network to collapse completely.
At times, a network may be required to be wiped clean, i.e., all data included in substantially all hardware and software components of the network may be removed. This process may cause an entity to lose substantially all of its data. Wiping a network clean may also require reinitializing the hardware and software elements. Therefore, reinstating the compatibility between the software and hardware elements may require lengthy reconfigurations.
Therefore, it is desirable to provide a machine-learning system that is configured to promptly detect the presence of malicious software within a networked environment, remove the malicious software from all affected branches and/or layers, retain most of the stored data within the network and retain compatibility between the software and hardware components included in the network.