T
Tosal
Flightless Bird
Hi!
As an anti-malware company we have seen a lot of Java-Script malware in the
past few months. Unfortunately most of this malware is obfuscated and makes
it hard to detect.
The idea now is to have a callback or a hook for an IE extension which
allows us to intercept some important Java Script functions like eval and
document.write during (before) or post execution. This would allow AV vendors
to plug-in an AV engine which now should have the plain JS code for scanning.
We know that this could have some impact on JS performance. However, if the
hook is set for only some specific functions it would be acceptable in our
opinion.
Refer to http://securitylabs.websense.com/content/Blogs/3198.aspx for an IE
example - they did this already (the dirty way, however).
Refer to http://adblockplus.org/blog/deobfuscating-javascript for an FF
example. However, the FF implementation is too slow.
--
--------------
Tosal
----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.
http://www.microsoft.com/communitie...&dg=microsoft.public.internetexplorer.general
As an anti-malware company we have seen a lot of Java-Script malware in the
past few months. Unfortunately most of this malware is obfuscated and makes
it hard to detect.
The idea now is to have a callback or a hook for an IE extension which
allows us to intercept some important Java Script functions like eval and
document.write during (before) or post execution. This would allow AV vendors
to plug-in an AV engine which now should have the plain JS code for scanning.
We know that this could have some impact on JS performance. However, if the
hook is set for only some specific functions it would be acceptable in our
opinion.
Refer to http://securitylabs.websense.com/content/Blogs/3198.aspx for an IE
example - they did this already (the dirty way, however).
Refer to http://adblockplus.org/blog/deobfuscating-javascript for an FF
example. However, the FF implementation is too slow.
--
--------------
Tosal
----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.
http://www.microsoft.com/communitie...&dg=microsoft.public.internetexplorer.general