Abstract: Methods and apparatus for interfering with malware using displaced display elements are disclosed. In an example, a processor is configured to change a location of a displayed pointer by a first offset vector from a hidden true pointer. The processor is also configured to change a location of at least one application display element, such as a website “Submit” button, by a second offset vector from a hidden true application element. The first offset vector may have a similar magnitude as the second offset vector but an opposite direction Changing a location of a pointer and the application element by the offsets enables a user to interact with the application normally. However, the offsets prevent malware or a malicious application from inter-acting with the application.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.

Abstract: Methods and apparatus for interfering with malware using displaced display elements are disclosed. In an example, a processor is configured to change a location of a displayed pointer by a first offset vector from a hidden true pointer. The processor is also configured to change a location of at least one application display element, such as a website “Submit” button, by a second offset vector from a hidden true application element. The first offset vector may have a similar magnitude as the second offset vector but an opposite direction Changing a location of a pointer and the application element by the offsets enables a user to interact with the application normally. However, the offsets prevent malware or a malicious application from interacting with the application.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an executable application configured to collect data regarding processes operating on a client device during a time period. The executable application is also configured to purposefully access, during the time period, an application server using a web browser on the client device in an attempt to trigger a malicious application potentially located on the client device. The executable application is configured to transmit, after the time period, the collected data to an analysis server to determine whether the malicious application is located on the client device.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: Methods and apparatus for interfering with automated bots using a graphical pointer and page display elements are disclosed. In an example, a processor selects a challenge for display on a client device. The challenge includes a display element and stylized pointer information. The processor causes the display element to be displayed on the client device and a pointer to be stylized, as specified by the pointer information. The processor receives a response message corresponding to at least one of a pointer selection or pointer movement made by the stylized pointer. The processor compares information within the response message to a specified correct location of the display element that is stored in an answer file related to the selected challenge. If the information within the response message is correct, the processor transmits a correct answer message and/or enables webpage content to be displayed or otherwise provided to the client device.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: A system, method, and apparatus for detecting remote control of a client device are disclosed. An example network security apparatus includes a network switch configured to route first data packets between a client device and a content provider device, determine IP addresses of other devices that transmit second data packets to or receive second data packets from the client device, and throttle the second data packets destined for the client device. The apparatus also includes a controller configured to receive signal packets indicative of activity in relation to a webpage provided by the content provider device to the client device and instruct the network switch to throttle the second data packets after receiving one of the signal packets. The controller is also configured to provide an indication of a malicious device remotely controlling the client device responsive to not receiving another signal packet within a specified time period.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: Methods, systems, and apparatuses for varying soft information are disclosed. In an example embodiment, a security processor receives, from a transaction server, hard information to transmit to a client device related to a transaction with the client device, and soft information related to the display of the hard information on the client device. The security processor determines a variation of the soft information configured to prevent a malicious application from interacting with the hard information and determines the variation of the soft information does not change how the hard information is displayed at the client device compared to how the hard information was to be displayed using the soft information. Responsive to determining the variation of the soft information does not change how the hard information is displayed, the security processor transmits the hard information and the variation of the soft information to the client device.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an executable application configured to collect data regarding processes operating on a client device during a time period. The executable application is also configured to purposefully access, during the time period, an application server using a web browser on the client device in an attempt to trigger a malicious application potentially located on the client device. The executable application is configured to transmit, after the time period, the collected data to an analysis server to determine whether the malicious application is located on the client device.

Abstract: Methods, systems, and apparatuses for varying soft information are disclosed. In an example embodiment, a security processor receives, from a transaction server, hard information to transmit to a client device related to a transaction with the client device, and soft information related to the display of the hard information on the client device. The security processor determines a variation of the soft information configured to prevent a malicious application from interacting with the hard information and determines the variation of the soft information does not change how the hard information is displayed at the client device compared to how the hard information was to be displayed using the soft information. Responsive to determining the variation of the soft information does not change how the hard information is displayed, the security processor transmits the hard information and the variation of the soft information to the client device.

Abstract: A system, method, and apparatus for detecting remote control of a client device are disclosed. An example network security apparatus includes a network switch configured to route first data packets between a client device and a content provider device, determine IP addresses of other devices that transmit second data packets to or receive second data packets from the client device, and throttle the second data packets destined for the client device. The apparatus also includes a controller configured to receive signal packets indicative of activity in relation to a webpage provided by the content provider device to the client device and instruct the network switch to throttle the second data packets after receiving one of the signal packets. The controller is also configured to provide an indication of a malicious device remotely controlling the client device responsive to not receiving another signal packet within a specified time period.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an analysis server configured to receive from an executable application operating on a client device a data structure including information identifying processes operating on the client device during a time period and analyze the data structure to identify a malicious application by determining which of the processes on the client device were triggered after an application server was accessed by the executable application and identifying processes associated with the malicious application by comparing the determined processes to records of processes of a device similarly configured as the client device.

Abstract: A system, methods, and apparatus for validating communications in an open architecture system are disclosed. In an example embodiment, a method includes selecting transactional information to transmit from a server to a communicatively coupled client device based on a request from the client device, selecting presentation information corresponding to the transactional information to transmit from the server to the client device, transmitting at least one message including the presentation and transactional information from the server to the client device, determining a prediction as to how the client device will render the transactional information based on the presentation information, receiving a response message from the client, and responsive to information in the response message not matching the prediction, providing an indication there is a malicious application affecting communications between the server and the client device.

Abstract: A system, method, and apparatus for providing observable authentication are disclosed. An example method includes receiving a request from a user to access an account, the request including an identifier associated with the user, determining a secret login rule previously provided to the user, and transmitting observable information to be displayed in a login map by a client device associated with the user. The example method also includes determining a correct answer by analyzing the positioning of the displayed observable information within the login map in conjunction with the secret login rule associated with the user. The example method further includes receiving an answer from the client device and providing the user access to the account responsive to the answer matching the correct answer.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an analysis server configured to receive from an executable application operating on a client device a data structure including information identifying processes operating on the client device during a time period and analyze the data structure to identify a malicious application by determining which of the processes on the client device were triggered after an application server was accessed by the executable application and identifying processes associated with the malicious application by comparing the determined processes to records of processes of a device similarly configured as the client device.