Abstract |
A system, method, and computer-readable medium for detecting malicious computer code are provided. Instructions, such as HTML or JavaScript instructions, may be received from a server, parsed, and executed. During execution of the instructions, one or more functions of a software application, such as a web browser, may be hooked, and an event object may be created for each called function that is hooked, resulting in a collection of event objects. Rules may be matched with event objects of the collection of event objects to detect malicious code. Attributes from the matched event objects may then be used to locate the original malicious script or code injected into a web page. [Fig. 1: flowchart. Launch a software application; receive instructions; call a primary function of the software application (103); intercept the function call; call and execute a secondary function (105); store an event object created by the secondary function into a collection of event objects (106); call and execute the primary function (107); decision "Another function?" with Yes and No branches, the No branch leading to 302.] |
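The hook, record and match flow described in the abstract, as an added JavaScript example that is not code from the patent. The `env` object standing in for a browser, the names `hook`, `RULES`, `matchRules` and `runSample`, the rule format, and the sample script are all assumptions constructed for illustration.

```javascript
// Added illustration; every name and the rule format here are hypothetical.
const events = []; // the collection of event objects

// Replace obj[name] (the "primary" function) with a "secondary" function that
// stores an event object, then calls the primary with the same arguments.
function hook(obj, name, label) {
  const primary = obj[name];
  obj[name] = function (...args) {
    events.push({ seq: events.length, fn: label, args: args.map(String) });
    return primary.apply(this, args);
  };
  return () => { obj[name] = primary; }; // call to remove the hook
}

// Constructed rule: an ordered list of predicates over event objects.
const RULES = [
  { id: "decode-then-write",
    steps: [
      e => e.fn === "unescape",
      e => e.fn === "document.write" && /<iframe/i.test(e.args[0]),
    ] },
];

// A rule matches when its steps are satisfied, in order, by events in the collection.
function matchRules(collection, rules) {
  const hits = [];
  for (const rule of rules) {
    const matched = [];
    for (const ev of collection) {
      if (rule.steps[matched.length](ev)) matched.push(ev);
      if (matched.length === rule.steps.length) break;
    }
    if (matched.length === rule.steps.length) hits.push({ rule: rule.id, events: matched });
  }
  return hits;
}

// Constructed stand-in for a browser plus a benign sample of "received instructions".
function runSample() {
  events.length = 0;
  const written = [];
  const env = { unescape: s => decodeURIComponent(s),
                document: { write: s => { written.push(s); } } };
  const undo = [hook(env, "unescape", "unescape"),
                hook(env.document, "write", "document.write")];
  const html = env.unescape("%3Ciframe%20src%3D%22about%3Ablank%22%3E%3C%2Fiframe%3E");
  env.document.write(html);
  undo.forEach(u => u());
  return { hits: matchRules(events, RULES), written };
}
```

The `args` attribute kept on each matched event object carries the encoded input and the decoded markup, which is the kind of attribute the abstract says can be used to trace back to the injected script.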