Zozzle JavaScript Malware Detection Tool By Microsoft Research

Microsoft Research has developed a new tool called "Zozzle," designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit. In order to be effective, the tool must be trained to recognize the elements common to malicious JavaScript, and the researchers behind it stress that it works best on de-obfuscated code.

In their paper, the researchers say that they trained Zozzle by crawling millions of Web sites and using a similar tool, called "Nozzle," to process the URLs and see whether malware was present.

The new tool is still in the research phase and it's not clear when or if Microsoft Research might release Zozzle. But the researchers say that Zozzle has an extremely low overhead when deployed in a browser--on the order of 2-5 milliseconds per JavaScript file--and has a false-positive rate of less than one percent.