Now online web Trojans and more are several sets of a fixed code, The changes are not many, including script code encryption methods, almost all is to explain the type of encryption, since the hack is performed the process of hanging horse, Inglés for the automated analysis of web Trojan also already have lucrative results. Domestic I have ever seen of the automation network horse analysis system there know Chong Yu, 3 6 0 security guards and security identity, the other including domestic each big anti-virus security company, should also has its own set of nets horse analysis system.
Automated analysis of web Trojan in need of a good page analysis system, separating the page in a variety of static elements of the resource and script the content, while the need for an analog to the script interpretation engine and the sandbox environment, etc. I'm here only to say my two small ideas:
1. Pure static analysis
2. Sandbox analysis
Given that the first way of the drawbacks, we can still use the sandbox mode analysis, directly to the network horse lost to a real browser to run, but before we need to use first the old idea of the first use solution to several key scripting functions, similar to the following script to the breakpoint bar, the output key of the content or for the Scripting of behavior analysis. IE, we can use the COM HOOK, and the FF don't even need much effort to we can directly use Greaseamonkey plug-ins.
The above is just vague to say the two small ideas, not related to the actual content. I'm also slowly groping,“hackers”hung it way to certainly be more advanced, I tend to sandbox analysis.