Thursday, January 27, 2022

Microsoft’s Rozzle bolsters drive-by malware defences

Microsoft researchers have shown off a new anti-malware tool which could be used to defeat so-called drive-by attacks, where users’ computers are infected without them actively installing rogue software.

Drive-by attacks typically rely on vulnerabilities in JavaScript but are near-impossible for traditional static and runtime anti-malware tools to detect, according to the researchers.

These JavaScript attacks typically target specific browsers running certain plugins. Unless the malware detects that specific setup, the trap will not be sprung, which makes it hard to detect.

But Benjamin Livshits and Benjamin Zorn of Microsoft Research, along with Clemens Kolbitsch from the Technical University of Vienna have devised a virtual machine tool, known as Rozzle [PDF], which dramatically improves detection of the JavaScript threats.

Rozzle is a JavaScript virtual machine that can simultaneously mimic different set-ups by presenting the malware with multiple execution paths, increasing the likelihood that it can be detected. In effect, it provides a tool to decloak this hidden JavaScript malware.
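To make the problem concrete, here is a small added illustration (not Rozzle’s code, and not from the researchers) of why a single sandbox run misses environment-sensitive JavaScript and how covering more than one configuration exposes the hidden paths. The sample script, the configuration names, and the helper functions `environmentSensitiveSample`, `makeProbeEnv`, `exploreConfigurations`, `singleRunPaths` and `multiRunPaths` are all constructed for this example. The loop re-runs the script once per configuration; Rozzle’s contribution is to follow both sides of an environment-dependent branch within one execution, which this simplified version does not do.

```javascript
// Constructed sample: a harmless stand-in for a script whose behaviour
// depends on which browser and plugins it believes it is running in.
// It does nothing except record which branch it took.
function environmentSensitiveSample(env, trace) {
  if (env.userAgent.indexOf("MSIE") !== -1 && env.plugins.indexOf("Java") !== -1) {
    trace.push("branch:java");
  } else if (env.plugins.indexOf("Flash") !== -1) {
    trace.push("branch:flash");
  } else {
    trace.push("branch:idle");
  }
}

// Wrap a configuration in a Proxy so every property the script reads is
// recorded. Heavy probing of navigator-style fields before anything else
// happens is itself a signal an analyst wants surfaced.
function makeProbeEnv(config, reads) {
  return new Proxy(config, {
    get(target, prop) {
      if (typeof prop === "string") reads.add(prop);
      return target[prop];
    },
  });
}

// Run the sample once per candidate configuration and union the paths
// observed. One run per configuration is the naive approach; a
// multi-execution engine explores the branches in a single run instead.
function exploreConfigurations(sample, configs) {
  const reads = new Set();
  const pathsByConfig = {};
  for (const [name, config] of Object.entries(configs)) {
    const trace = [];
    sample(makeProbeEnv(config, reads), trace);
    pathsByConfig[name] = trace;
  }
  const allPaths = new Set(Object.values(pathsByConfig).flat());
  return {
    reads: [...reads].sort(),
    pathsByConfig,
    allPaths: [...allPaths].sort(),
  };
}

// Constructed candidate configurations (hypothetical values); an analyst
// would populate these with the browser/plugin combinations of interest.
const CONFIGS = {
  ie_java:  { userAgent: "Mozilla/4.0 (compatible; MSIE 8.0)", plugins: ["Java"] },
  ff_flash: { userAgent: "Mozilla/5.0 (Firefox)", plugins: ["Flash"] },
  chrome:   { userAgent: "Mozilla/5.0 (Chrome)", plugins: [] },
};

// A single fixed sandbox sees exactly one path.
function singleRunPaths() {
  return exploreConfigurations(environmentSensitiveSample, { chrome: CONFIGS.chrome }).allPaths;
}

// Covering several configurations reveals the branches the single run hid.
function multiRunPaths() {
  return exploreConfigurations(environmentSensitiveSample, CONFIGS).allPaths;
}

console.log("single sandbox saw:", singleRunPaths());
console.log("multi-config saw:  ", multiRunPaths());
console.log("environment fields probed:",
  exploreConfigurations(environmentSensitiveSample, CONFIGS).reads);
```

The recorded property reads (`userAgent`, `plugins`) are the fingerprinting activity the article refers to; the gap between the single-run and multi-run path sets is exactly what a multi-execution engine such as Rozzle is designed to close without enumerating every configuration by hand.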

You can view the full story here: uk/news/2178656/microsofts-rozzle-bolsters-drive-malware-defences

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
