METHOD FOR DETECTING MALICIOUS JAVASCRIPT
First Claim
1. A method for scoring and grading websites by observing script behaviors in a browser emulator, comprising:
- providing one or more virtual machines on a computing system comprising a processor configured by an operating system;
- providing a communications link for each virtual machine to access hosts coupled to the Internet;
- within a virtual machine, providing an enhanced browser emulator application wherein said enhanced browser comprises at least one enhanced script functions;
- receiving a Uniform Resource Identifier (URI) for a source website for which the content is to be graded for hostile intent, wherein a URI comprises a protocol and a fully qualified domain name;
- requesting by the browser a resource from said source website;
- receiving said resource;
- determining if shell code is contained within said resource;
- determining if executable code is contained within said resource;
- operating said enhanced browser emulator application wherein certain function calls are executed with enhanced visibility and analysis of its arguments, attributes, and results;
- observing a behavior of the enhanced browser emulator as controlled by said javascript code contained within the said resource and scoring said behaviors for hostile intent.
Abstract
An apparatus and system for scoring and grading websites and method of operation. An apparatus receives one or more Uniform Resource Identifiers (URI), requests and receives a resource such as a webpage, and observes the behaviors of an enhanced browser emulator as controlled by javascript provided by the webpage. The enhanced browser emulator tracks behaviors which when aggregated imply malicious intent.
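A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the patent: script functions are wrapped so their arguments are logged, and the logged behaviors are aggregated into a score. The hooked functions, the weights, the thresholds, the two heuristics and the name `gradeScript` are all assumptions; the sample inputs are constructed.

```javascript
const vm = require('vm');

// Assumed weights and thresholds, for illustration only.
const WEIGHTS = { eval: 2, unescape: 1, 'document.write': 1, hiddenIframe: 3, shellcodeLike: 5 };

// Heuristics (assumptions): a long run of %uXXXX escapes; an iframe with a zero dimension.
const looksLikeShellcode = (s) => /(?:%u[0-9a-f]{4}){8,}/i.test(s);
const hasHiddenIframe = (s) => /<iframe[^>]*(?:width|height)\s*=\s*["']?0/i.test(s);

function gradeScript(source) {
  const events = [];
  // Record a hooked call with its (truncated) argument, then inspect the argument.
  const hook = (behavior, arg) => {
    const text = String(arg);
    events.push({ behavior, arg: text.slice(0, 80) });
    if (looksLikeShellcode(text)) events.push({ behavior: 'shellcodeLike', arg: '' });
    if (behavior === 'document.write' && hasHiddenIframe(text)) events.push({ behavior: 'hiddenIframe', arg: '' });
  };
  const sandbox = {
    unescape: (s) => { hook('unescape', s); return unescape(s); },
    document: { write: (html) => hook('document.write', html) },
    // Hooked eval logs the code string, then runs it in the same instrumented context.
    eval: (code) => { hook('eval', code); return vm.runInContext(String(code), context); },
  };
  const context = vm.createContext(sandbox);
  try {
    vm.runInContext(source, context, { timeout: 500 });
  } catch (err) {
    events.push({ behavior: 'error', arg: err.message });
  }
  // Aggregate: individual calls are weak signals, the sum decides the grade.
  const score = events.reduce((sum, e) => sum + (WEIGHTS[e.behavior] || 0), 0);
  const grade = score >= 5 ? 'hostile' : score >= 3 ? 'suspicious' : 'clean';
  return { score, grade, events };
}

// Constructed sample inputs (not taken from any real site).
const BENIGN = "document.write('<p>hello</p>');";
const LAYERED = `eval("document.write(unescape('%3Ciframe src=http://example.invalid/ width=0 height=0%3E%3C/iframe%3E'))")`;

for (const [name, src] of [['benign', BENIGN], ['layered', LAYERED]]) {
  const { score, grade } = gradeScript(src);
  console.log(name, score, grade);
}
```

Node's `vm` module is not a security boundary; run untrusted scripts only inside a disposable virtual machine, as the claimed method does.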
285 Citations
18 Claims
Specification