1. Field of the Invention
The present invention relates to computer systems. More particularly, the present invention relates to computer security.
2. Description of Related Art
Collection of user confidential data has been an ever increasing focus of computer malware. Spyware, rootkits, and malicious browser extensions, such as browser helper objects (BHOs), all attempt to gather user confidential data. For example, malicious drive-by downloads can install a silent browser helper object (BHO) that a user may not be aware of. Once installed, the silent BHO has full access to form posts and/or data object model (DOM) events in order to gather data entered in form fields by a user. With identity theft becoming a larger problem, these types of attacks are rising as other security vulnerabilities are increasingly secured.
In some systems, such as Windows Vista operating systems, in which the user is prompted for BHO installation, a user may permit a malicious BHO installation as the disclosed purpose may be completely different from that expected by a user or the disclosed purpose may be misunderstood by a user. Once installed, either explicitly by the user or silently by exploiting a vulnerability in the browser, the malicious BHO has full access to user confidential data.