Published on October 26th, 2019 📆 | 6156 Views ⚑
0Stealthy Tool Detects Malware in Javascript
The tool runs in the Chrome browser and is designed to detect malicious programs that are capable of evading existing malware detection systems.
âWhen you go to most websites, your browser starts running the siteâs JavaScript programs pretty much immediatelyâand you have little or no idea of what that JavaScript is doing,â says coauthor Alexandros Kapravelos, an assistant professor of computer science at North Carolina State University.
âPrevious state-of-the-art malware detection systems rely on making changes to JavaScript code in order to see how the code is being executed. But this approach is easily detected, allowing malware programs to alter their behavior in order to avoid being identified as malicious,â he says.
âVisibleV8 runs in the browser itself, recording how JavaScript is executed; it doesnât interact with the code and, as a result, is far more difficult to detect.â
VisibleV8 saves all of the data on how a site is using JavaScript, creating a âbehavior profileâ for the site. Researchers can then use that profile, and all of the supporting data, to identify both malicious websites and the various ways that JavaScript can compromise web browsers and user information.
Because VisibleV8 consists of only 600 lines of code, out of the millions of lines of code in Chrome, the software tool is relatively easy to keep up-to-date. This is an important consideration given that Google updates Chromeâs code approximately every six weeks. VisibleV8 can also target the most likely malicious behaviors without hurting browser performance.
âWeâve created a stealthy tool for monitoring JavaScript in the wild,â Kapravelos says. âWeâre now making it open source, in hopes that it will be useful to anyone doing research on web privacy and security.â
You can download VisibleV8 from Kapravelosâ site.
The researchers will present their work at the ACM Internet Measurement Conference 2019, in Amsterdam, Netherlands.
Support for the work came from the Office of Naval Research; DARPA; and the National Science Foundation.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window,document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '10155007036758614');
fbq('track', 'PageView');
window.fbAsyncInit = function() {
FB.init({
appId : '622609557824468',
autoLogAppEvents : true,
xfbml : true,
version : 'v2.11'
});
};
(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.id = id;
js.src = "https://connect.facebook.net/en_US/sdk.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
Gloss