Many transactions are performed online over a network between a client and a server. For example, a bank may provide a website on a server so that account holders can access their accounts using a browser application on a client electronic device.
However, some online transactions may be fraudulent, i.e., not initiated by the proper account holder. Frequently, such fraud is perpetrated by the introduction of malware into the client over a communication network, e.g., by an email attachment. Such malware is typically designed to allow a fraudster to control the client using a remote access tool such as Remote Desktop. The malware allows the fraudster to perform functions on the client's electronic device in a manner transparent to the client so that detection by either the client or the website server is difficult.
Conventional approaches to detecting fraud in online transactions involve installing anti-malware software, e.g., anti-virus software, on a client. The anti-malware software typically performs a search on the client's electronic device to detect known malware, e.g., viruses, worms, Trojan horses, etc. Such a search is based upon the most up-to-date knowledge of malware infections.