The emergence of the Internet as a network of distributed computers and computerized devices has made a significant contribution towards the advancement of modern society, resulting in a profound impact to nearly every aspect of modern living. The unprecedented speed, versatility and capacity available through the communication and dissemination of information over the Internet have revolutionized the business and practice of numerous industries, and enabled the rise of entirely new fields of commerce.
Unfortunately, those very features provided by the Internet have also provided the impetus for the development of new breeds of malicious and/or immoral behavior. Identity theft and fraud over the Internet have increased in alarming rates with unmistakable correlation to the growth and popularity of Internet usage. Other undesirable activities facilitated by the Internet include the transfer of electronic “SPAM” (unsolicited or undesired bulk electronic messages) and computer malware.
Malware is software designed to infiltrate or damage a computerized system without the consent of the owner. The expression has generally grown to encompass a variety of hostile, intrusive or annoying software or program code, including but not limited to computer viruses, worms, trojan horses, spyware and adware.
Malware has been documented since at least 1986, and recent estimates have speculated that the number of malware variants has reached at least half a million as of 2007. An estimated 31.7% of all computer systems are believed to be infected by at least one form of malware, accounting for tens of billions of dollars of direct damages to individuals as well as organizations. The number of new Malware variants is believed to be increasing at a rate of several hundred per day.
Malware constitutes a serious threat to individuals and organizations worldwide. Accordingly, numerous products and services have been developed to eliminate or mitigate the effect of malicious code on a computer system. Traditional methods of combating malware include writing digital signatures for confirmed malicious code, and updating the signature files in participating computer systems. Computer systems are then able to identify incoming data as malicious code if the digital signatures of the incoming data correspond to the signatures of known malware in the signature file.
The introduction of new variants of malware at the current rate of hundreds each day already require constant updates to the signature files to even maintain any level of effective mitigation, at an obvious cost to efficiency. Furthermore, this method is effective only insofar as all replications of the malicious code use the same digital signature. Unfortunately, malware writers commonly employ schemes to personalize each replication of the malware, thereby rendering the signature detection method ineffective.
Typically, when incoming malware is detected by a computer application, the application will stop the process that is allowing the malware access to the computer system and provide notice to the user of the potentially infected system that the current action includes the risk of introducing malware to the system. Commonly, the notice to the user is provided as a warning and may include information about the malware (e.g., the specific risks of the particular variant, the areas of the computer system that may be contaminated, and the source of the malware, etc). The user can choose to proceed with the action, thereby accepting the risk of acquiring the malware, or choose to cancel the action.
Regrettably, the information (if any) contained in the warning is often incomplete, obtuse, cryptic, irrelevant, or otherwise incomprehensible to the user. Improperly warned users may not understand the severity of the warning and insist on proceeding with their originally intended course of action. Other users may simply be desensitized by the sheer frequency of warnings (due in part to the user's own high-risk activity, perceived irrelevancy of the warnings and the proliferation of malware) and knowingly ignore the risk of infection.