MSR Develops ‘Zozzle’ JavaScript Malware Detection Tool

Guest post by fran 2010-12-06 Privacy, Security 3 Comments

“As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware at a very high effectiveness rate.”

3 Comments

2010-12-07 12:00 pm

fran
Whats the chance we’ll be seeing this plugin on other browers?

There’s also a Firefox a plugin called No-Script.

But some websites need javascript to function correctly.
2010-12-07 1:34 pm

vodoomoth
I started pondering over the true interest of their work when I saw this:

Zozzle is designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit. In order to be effective, the tool must be trained to recognize the elements that are common to malicious JavaScript, and the researchers behind it stress that it works best on de-obfuscated code

Seems like a lost battle, just like it is as to the desktop virus battle.
2010-12-07 6:12 pm

Almafeta
In the paper linked to in the article above, Microsoft Research claims a false positive rate at “a fraction of 1%”.

Unfortunately, without knowing exactly what fraction of 1% they’re talking about, we won’t know whether the average user sees a false positive every few minutes, every few hours, or every few days…