09 Dec 2010

Microsoft unveils malicious JavaScript detector

Microsoft recently developed a new software that detects malware embedded in JavaScript. The tool, called Zozzle, aims to prevent attacks on computers by cutting off malicious JacaScript codes in the browser.

Zozzle works by performing an analysis on a website’s JavaScript code to determine whether or not the site contains codes that are malicious or exploitable. According to researchers, Zozzle must be trained to recognize elements in malicious codes to be effective.

“Zozzle makes use of a statistical classifier to efficiently identify malicious JavaScript. The classifier needs training data to accurately classify JavaScript source,” wrote Microsoft researchers Benjamin Livshits and Benjamin Zorn. “We start by augmenting the JavaScript engine in a browser with a ‘deobfuscator’ that extracts and collects individual fragments of JavaScript.”

Researchers say Zozzle will defend users against “heap-spraying exploits” that are launched by malicious JavaScript codes. Additionally, they say Zozzle has a low memory overhead and a false-positive rate of less than one percent.

JavaScript-based attacks are commonly used by cyber criminals. According to a recent study, JavaScript attacks have risen significantly in the last year.