Microsoft Research Develops Zozzle JavaScript Malware Detection Tool | threatpost

Microsoft Research just released a paper on Zozzle, software they developed to detect certain types of JavaScript malware.

There are two ways Zozzle can be used:

  • In the browser to block malicious JavaScript before it does any damage
  • Scanning websites to detect malware-laden pages which can then be blacklisted

The question is, is this going to be a valuable tool for detecting and stopping malicious JavaScript? For some comments, I went to slashdot.org – Microsoft Builds JavaScript Malware Detection Tool.

Clearly, the slashdot crowd is anti-Microsoft, but it seems to me there was one insightful comment which I have paraphrased:

HTML5 Tricks Hijack Browsers To Crack Passwords, Spew Spam – Andy Greenberg – The Firewall – Forbes

As usual, new technology spawns new threats. HTML5 will be no different.

HTML5 allows a website to run javascript processes that request data from another site, and to launch invisible scripts “in the background” on a user’s machine for long periods of time, says Kuppan. “With HTML4, after twenty seconds the browser would freeze,” he says.

And this:

Once the hacker has control of a user’s browser, it can be used to do all the same sorts of unpleasant things that botnets of malware-hijacked computers generally do: By repeatedly requesting data from another site–Kuppan says javascript can make around 10,000 requests a minute–it can overwhelm a target’s server and knock it offline. Or by creating and filling the sort of entry field typically used on corporate websites for leaving feedback, it can send mass emails to a list of addresses.

And this:

To keep users on a page longer while his scripts run, Kuppan suggests a trick that involves a clever form of “clickjacking.” Using javascript, an invisible link can be inserted wherever a user clicks on a page to open another tab with the desired destination. Since most users leave unused tabs unattended, a script can run on the original tab, potentially for hours, without the user’s knowledge.

We will need a tool that gives users better visibility into what’s going on on their workstations and the ability either to take action automatically against anomalous behavior or to give users options to take action.
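One starting point for that visibility is request-rate accounting per tab. The sketch below is an added example, not code from the original post or from any tool it mentions: it flags tabs whose scripts send sustained cross-origin request bursts of the kind quoted above. The record fields (`tabId`, `pageOrigin`, `targetOrigin`, `ts`, `hidden`), the threshold and the sample log are assumptions constructed for illustration.

```javascript
// Added example: per-tab, per-target sliding-window count of cross-origin requests.
// Record fields, threshold and sample data are assumptions constructed for illustration.
const WINDOW_MS = 60000;       // one-minute sliding window
const MAX_CROSS_ORIGIN = 600;  // assumed limit, far below the ~10,000/min quoted above

function findAnomalousTabs(records, windowMs = WINDOW_MS, limit = MAX_CROSS_ORIGIN) {
  const windows = new Map();   // "tabId|targetOrigin" -> timestamps inside the window
  const flagged = new Map();   // same key -> worst observation so far
  const sorted = [...records].sort((a, b) => a.ts - b.ts);
  for (const r of sorted) {
    if (r.pageOrigin === r.targetOrigin) continue;   // same-origin traffic is not counted
    const key = `${r.tabId}|${r.targetOrigin}`;
    const times = windows.get(key) || [];
    times.push(r.ts);
    while (times[0] <= r.ts - windowMs) times.shift(); // expire entries older than the window
    windows.set(key, times);
    const prev = flagged.get(key);
    if (times.length > limit && (!prev || times.length > prev.peak)) {
      // `hidden` records whether the tab was unattended when the peak was reached
      flagged.set(key, { tabId: r.tabId, targetOrigin: r.targetOrigin,
                         peak: times.length, hidden: r.hidden });
    }
  }
  return [...flagged.values()];
}

// Constructed sample log: three tabs, timestamps in milliseconds.
function buildSample() {
  const recs = [];
  const add = (tabId, pageOrigin, targetOrigin, n, stepMs, hidden) => {
    for (let i = 0; i < n; i++) recs.push({ tabId, pageOrigin, targetOrigin, ts: i * stepMs, hidden });
  };
  // Tab 1: background tab sending a cross-origin request every 10 ms for 30 s.
  add(1, 'https://page.example', 'https://other.example', 3000, 10, true);
  // Tab 2: visible tab fetching from a CDN every 2 s (ordinary browsing).
  add(2, 'https://news.example', 'https://cdn.example', 60, 2000, false);
  // Tab 3: heavy same-origin polling, ignored by the cross-origin check.
  add(3, 'https://app.example', 'https://app.example', 2000, 20, false);
  return recs;
}

for (const f of findAnomalousTabs(buildSample())) {
  console.log(`tab ${f.tabId} -> ${f.targetOrigin}: ${f.peak} requests/min, hidden=${f.hidden}`);
}
```

Only the hidden tab is reported; the visible CDN traffic and the same-origin polling stay below the check.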