Finding Malware on a Web Scale

Author: Андрей Павлычев
Source: TechDays.ru
Published: 12.12.2011
A talk by Ben Livshits, a researcher at Microsoft Research, from the HTML5 Camp conference.

Over the last several years, JavaScript malware has emerged as one of the most popular ways to deliver drive-by attacks to unsuspecting users through the browser. This talk covers recent Microsoft Research experiences with finding malware on the web. It highlights two tools: Nozzle and Zozzle. Nozzle is a runtime malware detector that focuses on finding heap spraying attacks. Zozzle is a mostly static detector that finds heap sprays and other types of JavaScript malware. Both are extremely precise: Nozzle's false positive rate is close to one in a billion; Zozzle's is about one in a million. Both are deployed by Bing and are used daily to find thousands of malicious web sites. This talk focuses on the interesting interplay between static and runtime analysis and covers what it takes to migrate research ideas into real-world products.

Link: http://www.oszone.net/16920/