Its technicians Microsoft created, as they mention the first one platform in the world specifically designed to stop exploit kits.
The tool is called “Kizzle” and is a fast signature compiler that aims to detect the common practice of code reuse by malware developers to detect disguised signatures weeks before they are detected by current malware techniques. anti-virus.
For those who do not know, exploit kits are an attempt to pack many attack techniques and tools into a multi-tool.
Researchers Stock, Livshits, and Zorn from the University of Erlangen in Nuremberg and Microsoft technicians have released the Kizzle study: A Signature Compiler for Exploit KitsPDF) indicating that the Kits bundles seemed outrageously different until they were decompressed.
“The approach taken by the Kizzle tool is based on our observation that while exploit kits often change the malware they contain, kit authors generally reuse much of the code from version in issue.
"Ironically, this is a software technology practice that allows us to develop an extensible and accurate detector that is able to respond quickly to superficial but frequent changes in exploit kits. "
False positive notifications are less than a 0.03%, so we are talking about a huge improvement compared to today's commercial anti-virus.
New technology from Microsoft marks a new era in online security, at least until malicious developers have updated their techniques.
Whatever the researchers' efforts are, however, very worthwhile for today's online community, which is also being attacked by canned threats.