Microsoft researchers have shown off a new anti-malware tool which could be used to defeat so-called drive-by attacks, where users’ computers are infected without them actively installing rogue software.
Drive-by attacks typically rely on vulnerabilities in JavaScript but are near-impossible for traditional static and runtime anti-malware tools to detect, according to the researchers.
These JavaScript attacks typically target specific browsers running certain plugins. Unless the malware detects that specific set up, the trap will not be sprung, which makes it hard to detect.
But Benjamin Livshits and Benjamin Zorn of Microsoft Research, along with Clemens Kolbitsch from the Technical University of Vienna have devised a virtual machine tool, known as Rozzle [PDF], which dramatically improves detection of the JavaScript threats.
Rozzle is a JavaScript virtual machine that can simultaneously mimic different set-ups by presenting the malware with multiple execution paths, increasing the likelihood that it can be detected. In effect, it provides a tool to decloak this hidden JavaScript malware.
You can view the full story here: http://www.v3.co.uk/v3- uk/news/2178656/microsofts-rozzle-bolsters-drive-malware-defences
