Tag Archives: JavaScript

Microsoft Builds JavaScript Malware Detection Tool

Posted by on 13/12/2010 No comments

Trailrunner7 writes “As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware on the fly at a very high effectiveness rate. Zozzle is designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit. In order to be effective, the tool must be trained to recognize the elements that are common to malicious JavaScript, and the researchers behind it stress that it works best on de-obfuscated code.”

Read more of this story at Slashdot.

Link to the original site

Google Goes On Offensive vs. JavaScript Attacks

Posted by on 28/07/2010 No comments

alphadogg writes “Google’s e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.

Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.

‘In some cases, the message may have forwarded the user’s browser to a pharma site or tried to download something unexpected,’ Google said in its official blog.”

Read more of this story at Slashdot.


Link to the original site

Google Releases Open Source JavaScript Tools

Posted by on 06/11/2009 No comments

Dan Jones writes “Google has open sourced several of its key JavaScript application development tools, hoping that they will prove useful for external programmers to build faster Web applications. According to Google, by enabling and allowing developers to use the same tools that Google uses, they can not only build rich applications but also make the Web really fast. The Closure JavaScript compiler and library are used as the standard Javascript library for pretty much any large, public Web application that Google is serving today, including some of its most popular Web applications, including Gmail, Google Docs and Google Maps. Google has also released Closure Templates which are designed to automate the dynamic creation of HTML. The announcement comes a few months after Google released and open sourced the NX server.”

Read more of this story at Slashdot.

Link to the original site

Reddit Javascript Exploit Spreading Virally

Posted by on 29/09/2009 No comments

Nithendil writes “guyhersh from reddit.com describes the situation (warning: title NSFW): Based on what I’ve seen today, here’s what went down. Reddit user Empirical wrote javascript code where if you copied and pasted it into the address bar, you would instantly spam that comment by replying to all the comments on the page and submitting it. Later xssfinder posted a proof of concept where if you hovered over a link, it would automatically run a Javascript. He then got the brilliant idea to combine the two scripts together, tested it and it spread from there.”

Read more of this story at Slashdot.

Link to the original site