
Microsoft's Rozzle bolsters drive-by malware defences

22 May 2012

Microsoft researchers have shown off a new anti-malware tool which could be used to defeat so-called drive-by attacks, where users' computers are infected without them actively installing rogue software.

Drive-by attacks typically rely on vulnerabilities in JavaScript but are near-impossible for traditional static and runtime anti-malware tools to detect, according to the researchers.

These JavaScript attacks typically target specific browsers running certain plugins. Unless the malware detects that specific set-up, the trap is not sprung, which makes it hard to detect.

But Benjamin Livshits and Benjamin Zorn of Microsoft Research, along with Clemens Kolbitsch from the Technical University of Vienna, have devised a virtual machine tool, known as Rozzle, which dramatically improves detection of these JavaScript threats.

Rozzle is a JavaScript virtual machine that can simultaneously mimic different set-ups by presenting the malware with multiple execution paths, increasing the likelihood that it can be detected. In effect, it provides a tool to decloak this hidden JavaScript malware.
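To make the idea concrete, here is an added toy model (not Rozzle's code, nor anything from the paper) of why presenting a script with several browser and plugin configurations raises detection rates. A constructed "fingerprint-gated" script only reaches its sensitive action under one specific environment, so a single-environment detector misses it, while a detector that runs the same script under every configuration in a small space reaches the gated branch. Rozzle explores such branches inside a single JavaScript run; this model simply brute-forces a hypothetical configuration space, and the user-agent strings, plugin names and sample script are all constructed for illustration.

```javascript
// Added example: brute-force multi-environment execution of a
// fingerprint-gated script. Not Rozzle's code; all values are constructed.

// Hypothetical configuration space (not taken from the paper).
const CONFIG_SPACE = {
  userAgent: [
    "Mozilla/5.0 (Windows NT 6.1) Chrome/18",
    "Mozilla/4.0 (compatible; MSIE 8.0)",
    "Mozilla/5.0 (X11) Firefox/3.6",
  ],
  plugins: [[], ["Java"], ["Shockwave Flash"], ["Java", "Shockwave Flash"]],
};

// Cartesian product of the configuration space: one object per combination.
function enumerateConfigs(space) {
  return Object.entries(space).reduce(
    (acc, [key, values]) =>
      acc.flatMap((partial) => values.map((v) => ({ ...partial, [key]: v }))),
    [{}]
  );
}

// Minimal sandbox: runs a script against a fake `navigator` and a sink that
// records whether the script's sensitive action (a stand-in for a real
// payload; it only records a label here) was reached.
function runInSandbox(script, config) {
  const navigator = { userAgent: config.userAgent, plugins: config.plugins.slice() };
  const events = [];
  const sink = { sensitiveAction: (label) => events.push(label) };
  try {
    script(navigator, sink);
  } catch (e) {
    events.push("exception:" + e.message);
  }
  return events;
}

// Constructed sample of a fingerprint-gated script: it stays quiet unless it
// sees IE8 with a Java plugin, and only then calls the sink.
function gatedSample(navigator, sink) {
  if (navigator.userAgent.indexOf("MSIE 8.0") === -1) return; // wrong browser
  if (navigator.plugins.indexOf("Java") === -1) return;       // target plugin absent
  sink.sensitiveAction("gated-branch-reached");
}

// Constructed sample with no environment check, for comparison.
function ungatedSample(navigator, sink) {
  sink.sensitiveAction("always-reached");
}

// Traditional single-environment dynamic detector: true if the sink was hit.
function detectSingleEnv(script, config) {
  return runInSandbox(script, config).some((e) => !e.startsWith("exception:"));
}

// Multi-environment detector: returns every configuration under which the
// script reached the sink. Cost grows with the size of the configuration
// space, which is the inefficiency Rozzle's single-run approach avoids.
function detectMultiEnv(script, space) {
  return enumerateConfigs(space).filter((cfg) => detectSingleEnv(script, cfg));
}

// Stand-alone demonstration.
const defaultConfig = enumerateConfigs(CONFIG_SPACE)[0]; // Chrome, no plugins
console.log("single env, gated:", detectSingleEnv(gatedSample, defaultConfig));
console.log("multi env, gated:", detectMultiEnv(gatedSample, CONFIG_SPACE));
console.log("single env, ungated:", detectSingleEnv(ungatedSample, defaultConfig));
```

Run under the first (Chrome, no plugins) configuration the gated sample is reported clean, exactly the blind spot the article describes; enumerating all twelve configurations surfaces the two IE8-plus-Java combinations under which the gated branch fires. The ungated sample is caught by either detector, which is why multi-execution only helps against environment-aware scripts.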

Rozzle was put head-to-head against a traditional runtime malware detector on more than 65,000 samples of JavaScript malware. The traditional anti-malware tool detected just 2.5 per cent, while Rozzle achieved a 17.5 per cent detection rate.

While that's far from perfect, it does validate the approach, according to the researchers.

“The goal of our work is to increase the effectiveness of dynamic crawler searching for malware so as to imitate multiple browser and environment configurations,” they wrote in their research paper.

They also showed that Rozzle was three times as effective as traditional tools for uncovering malicious URLs.

Earlier this year, security firm FireEye warned that malware writers were increasingly turning to JavaScript vulnerabilities to breach enterprise defences because it was nearly impossible for firms to lock down the volume of devices running JavaScript.

Rozzle is being presented at the IEEE Symposium on Security and Privacy in San Francisco today.
