Caffeine Monkey: Automated Collection, Detection, and Analysis of Malicious Javascript

This paper and accompanying presentation were first presented at Black Hat USA 2007 and DEFCON 15 (OX0F). Ben Feinstein and I explore the browser as an increasingly ubiquitous target for attacks.

We examined the current state of JavaScript obfuscation and evasion techniques, approaches for collecting JavaScript samples from the wild, and methods for analyzing the collected scripts. We developed a suite of tools for collecting and indexing JavaScript, interpreting the scripting in a sandboxed environment, and performing functional analysis for manual as well as automated detection mechanisms.