Your one-stop web resource providing safety and security information to manufacturers

An open-source tool is in development that allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs.

The tool, called VisibleV8, runs in the Chrome browser and is designed to detect malicious programs capable of evading existing malware detection systems, said researchers from North Carolina State University.

“When you go to most websites, your browser starts running the site’s JavaScript programs pretty much immediately – and you have little or no idea of what that JavaScript is doing,” said Alexandros Kapravelos, co-author of a paper on VisibleV8 and an assistant professor of computer science at NC State.

“Previous state-of-the-art malware detection systems rely on making changes to JavaScript code in order to see how the code is being executed,” he said. “But this approach is easily detected, allowing malware programs to alter their behavior in order to avoid being identified as malicious.

Schneider Bold

“VisibleV8 runs in the browser itself, recording how JavaScript is executed; it doesn’t interact with the code and, as a result, is far more difficult to detect.”

VisibleV8 saves all of the data on how a site is using JavaScript, creating a “behavior profile” for the site. That profile, and all of the supporting data, can then be used by researchers to identify malicious websites and the various ways JavaScript is used to compromise web browsers and user information.

Because VisibleV8 consists of only 600 lines of code, out of the millions of lines of code in Chrome, the software tool is relatively easy to keep up-to-date. This is an important consideration given that Chrome’s code is updated approximately every six weeks. VisibleV8 can also be used to target the most likely malicious behaviors without hurting browser performance.

“We’ve created a stealthy tool for monitoring JavaScript in the wild,” Kapravelos said. “We’re now making it open source, in hopes that it will be useful to anyone doing research on web privacy and security.”

Click here to download VisibleV8 from Kapravelos’ site.

Pin It on Pinterest

Share This