Abstract: A method for protecting a browser from malicious processes, comprises providing at least one process-proxy object and at least a browser-proxy object, interposed between the browser and a process, such that when the process invokes one of the DOM entry points, the process-proxy object isolates it from the real browser implementation and executes the process-proxy object's code instead.

Abstract: A method for detecting malware in a user terminal device that has been infected by malware via a browser running on the user terminal device, according to which upon detecting a predetermined a triggering event on the user terminal, a security application installed on the terminal automatically activates a transparent browser to navigate to one or more predetermined URLs. Then the security application checks the code of an inspected webpage that has been received immediately after it is opened by the transparent browser and rechecks the code after being at least partially processed by the transparent browser. If a change the code is detected, an alert is issued, indicating that the terminal has been infected by malware.

Abstract: A process for identifying potentially harmful malware, comprises the steps of: a) identifying an executable that is about to run; b) providing a monitoring agent that monitors all threads that are descendent of a thread initiated by the process of said executable; and c) configuring said monitoring agent to conclude that a high probability of malware presence exists, if one of said descendent threads reaches a target process in which suspicious patches are created.

Abstract: A method for protecting a browser from malicious processes, comprises providing at least one process-proxy object and at least a browser-proxy object, interposed between the browser and a process, such that when the process invokes one of the DOM entry points, the process-proxy object isolates it from the real browser implementation and executes the process-proxy object's code instead.

Abstract: A browser plug-in firewall manages data exchanged between a browser and a plug-in according to a pre-defined list of rights.

Abstract: A method detects fraudulent transaction of money transfer to a mule account, according to which a detection software module is injected into a browser or a website to be protected. The detection module traces the content and the activities performed on a webpage of the website and detects any exceptional activity/condition which may be fraudulent online activity performed by malware and waits until all sensitive data to perform a fraud transaction is entered. Then the detection module stores and/or forwards the details of the mule account that has been used for the fraudulent transaction.

Abstract: A method detects fraudulent transaction of money transfer to a mule account, according to which a detection software module is injected into a browser or a website to be protected. The detection module traces the content and the activities performed on a webpage of the website and detects any exceptional activity/condition which may be fraudulent online activity performed by malware and waits until all sensitive data to perform a fraud transaction is entered. Then the detection module stores and/or forwards the details of the mule account that has been used for the fraudulent transaction.

Abstract: In a computer system, a method detects a suspected malware behavior. Activities on a computer system conducted within a given time frame are monitored during the installation of a suspected file. The monitored activities are recorded and the monitored/recorded activities are compared with patterns of malware behavior, stored in a database. Upon detecting a suspicious program, the recorded monitored activities are provided for further analysis to be performed by appropriate software removal tools.

Abstract: A method for preventing malicious attacks on software, using the patching method, includes providing a database of malicious known patches (malware). The database contains characteristic signatures of the malware. The method also includes detecting whether a patch is malicious by comparing it with a signature in the database and performing one or more activities needed to prevent the malicious patch from performing undesired activities.

Abstract: A method for alerting a service provider and/or a user of a web browser of a phishing attempt comprises providing on a page that it is desired to protect against phishing, a Javascript that when caused by a phishing page to run not in the context of the original page generates an indication that a phishing attempt may exist.

Abstract: A method for detecting and removing a suspicious software code in a computer system, according to which the installation process of the suspicious software code is monitored by a client agent residing within the computer system where predetermined operations of the suspicious software code are identified and registered during the installation process. The predetermined operations are compared with a known software code in order to define whether the software code is similar to the known software code. It is then determined if the suspicious software code is malware and if it is, the client agent is instructed to uninstall the suspicious software code from the OS, or to remove its entry from the boot registry.

Abstract: System and method for determining, by a security application, whether an examined software code is a malware, according to which the system detects whenever the examined process code performs system calls and further detects a call site. Pieces of code in the surrounding area of the site and/or in branches related to the site are analyzed and the properties of the analyzed pieces of code are compared with a predefined software code patterns, for determining whether the examined process code corresponds to one of the predefined software code patterns. Then the examined process code is classified according to the comparison results.

Abstract: Some demonstrative embodiments of the invention include a system and method for detecting related transactions, e.g., fraudulent transactions by for example associating transactions and creating lists of related transactions. Other embodiments are described and claimed.

Abstract: Embodiments of the present invention relate to a method and system for detecting and/or mitigating domain name system (DNS) spoofing Trojan horse (or Trojan) code. Trojan code (sometimes called malware or malicious software) is a common computer security problem. Some Trojans modify the DNS resolution mechanism employed by the infected computer, such that the computer traffic, when browsing the Internet, is routed to a location not intended by the rightful owner of the computer. The present invention can detect this phenomenon from a remote device or location and may take action to mitigate its effects.

Abstract: A method for preventing malicious attacks on software, using the patching method, includes providing a database of legitimate and known patches, the database contains characteristic code paths of said legitimate patches. The method also includes detecting whether a patch is malicious by inspecting one or more characteristic paths of the patch and matching one or more code paths against the database of legitimate and known patches. An activity needed to prevent the malicious patch from performing undesired activities is then performed.

Abstract: A method and system for determining whether a proxy is present in a communication link between a client and a server, and if so, certain characteristics of the proxy.

Abstract: A method for preventing malicious attacks on software, using the patching method, includes providing a database of malicious known patches (malware). The database contains characteristic signatures of the malware. The method also includes detecting whether a patch is malicious by comparing it with a signature in the database and performing one or more activities needed to prevent the malicious patch from performing undesired activities.

Abstract: A method for detecting HTML-modifying malware present in a computer includes providing a server which serves a web page (HTML) to a browser. A determination is made whether a modified string exists in the page received by said browser and if a modifying element is found, determining the malware is present in the computer.

Abstract: A system and method of conducting a transaction comprising accepting transaction information from a user, producing a customized statement, the customized statement relating to at least a portion of the transaction information and including a challenge to the user, and sending the user an obscured representation of the customized statement. The system and method may accept from the user a response to the challenge. The system and method may further allow the transaction to proceed if the response is correct and prevent the transaction from proceeding if the response is incorrect.

Abstract: A method for preventing malicious attacks on software, using the patching method, includes providing a database of legitimate and known patches, the database contains characteristic code paths of said legitimate patches. The method also includes detecting whether a patch is malicious by inspecting one or more characteristic paths of the patch and matching one or more code paths against the database of legitimate and known patches. An activity needed to prevent the malicious patch from performing undesired activities is then performed.