Microsoft Builds JavaScript Malware Detection Tool

Trailrunner7 writes "As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware on the fly at a very high effectiveness rate. Zozzle is designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit. In order to be effective, the tool must be trained to recognize the elements that are common to malicious JavaScript, and the researchers behind it stress that it works best on de-obfuscated code."

The Question

[Dunbal]

Does this malware tool come with its own exploits built in like all the other Microsoft software?

The (relevant) Question

[kestasjk]

Does it prevent more real-world attacks than it makes possible?

Punchline

[Anonymous Coward]

The app is called Internet Explorer. And it finds ALL the javascript malware!

No obfuscation please

[irober02]

Dear Malware Writer, I've just installed this cool MS malware/JS detector but it doesn't work with obfuscated code so, please don't hide your tricky JS code otherwise I won't be able to stop you abusing my computer. thanks, much appreciated. ;-)