Microsoft Builds JavaScript Malware Detection Tool

Posted by timothy on Friday December 3, 2010 @10:52PM from the canary-for-the-coalmine dept.

Trailrunner7 writes "As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware on the fly at a very high effectiveness rate. Zozzle is designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit. In order to be effective, the tool must be trained to recognize the elements that are common to malicious JavaScript, and the researchers behind it stress that it works best on de-obfuscated code."

4 of 88 comments (clear)

Min score:

Reason:

Sort:

The Question by Dunbal · 2010-12-03 23:11 · Score: 3, Funny

Does this malware tool come with its own exploits built in like all the other Microsoft software?

--
Seven puppies were harmed during the making of this post.
The (relevant) Question by kestasjk · 2010-12-03 23:13 · Score: 1, Funny

Does it prevent more real-world attacks than it makes possible?

--
// MD_Update(&m,buf,j);
Punchline by Anonymous Coward · 2010-12-03 23:39 · Score: 3, Funny

The app is called Internet Explorer. And it finds ALL the javascript malware!
No obfuscation please by irober02 · 2010-12-04 00:24 · Score: 3, Funny

Dear Malware Writer, I've just installed this cool MS malware/JS detector but it doesn't work with obfuscated code so, please don't hide your tricky JS code otherwise I won't be able to stop you abusing my computer. thanks, much appreciated. ;-)