Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on December 3, 2010

Microsoft Research has cooked up ‘Zozzle,’ a tool to detect malicious JavaScript


Microsoft Research has cooked up ‘Zozzle,’ a tool to detect malicious JavaScript

The last time we checked in on Microsoft Research we ran across The Archivist, opening a whole new world of Twitter analytics for ourselves. Today we are going to visit Microsoft’s Research division yet again, but will focus on security instead of social analytics.

We are discussing your security, to be specific. The smart folk over at Redmond have cooked up a powerful new tool called Zozzle that helps protect people from malicious JavaScript that could contain malware. As you well know, Microsoft products are just recently beginning to shed their stigma of being wildly unsafe and prone to being compromised.

Zozzle is as wonderful as it is far off; as it stands now there are no current plans to release Zozzle to the public. That however does not stop the concept from being very interesting. To prevent us from muddying the technology of the product, this is the nutshell-version of what Zozzle does as explained by the very important and lovely ThreatPost (condensed):

Zozzle is designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit… Zozzle makes use of a statistical classifier to efficiently identify malicious JavaScript.

Zozzle is specifically designed to detect and defend against heap-spraying exploits launched by malicious JavaScript found on Web sites… The novelty of ZOZZLE comes from its hooking into the JavaScript engine of a browser to get the final, expanded version of JavaScript code to address the issue of deobfuscation.

Zozzle has an extremely low overhead when deployed in a browser–on the order of 2-5 milliseconds per JavaScript file–and has a false-positive rate of less than one percent.

We find this to be a killer interesting idea, and one that appears to have been brilliantly executed thus far. While a one percent (or so) false positive rate feels too high for mass release, this is the sort of product that Microsoft could bake into Internet Explorer 9 to give it another leg up on the competition in the ever-burning browser wars.

While that would be a good move competitively, we would like it even more if Microsoft released the project and its methods to the community to tinker with and deploy in other products around the web.

We’ll try and bring you more neat stuff from Microsoft Research when we come across it. For fun, this is a picture of a bunch of the Research staff, hi guys!

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with