In recent years, malicious software (or “malware”) has become a persistent problem, targeting computers and other devices in organizations and businesses for political and/or economic motives. One way of infiltrating a target computer or device is to use active content on websites as a malicious exploit.
The malicious downloaded active content can exploit a browser or a browser add-on vulnerability to take control of the browser.
The malicious downloaded active content can use techniques such as ROP (return-oriented programming) to circumvent security measures in the browser and the operating system, such as DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization).
A security technique called “sandboxing” aims at detecting malware code by forcing downloaded active content to run in a dedicated simulated virtual environment on a computer-based system of one type or another, where it is analyzed for behavior and traits indicative of malware. A sandbox system tries to get infected by the malware and analyzes its behavior inside the simulated virtual environment. Currently, sandboxing is a leading alternative to traditional signature-based malware defenses, and it is used to spot and analyze previously unknown malware and stealthy attacks in particular.
However, sandboxing does not detect all malware, for example in cases where particular user configurations or user actions are required to activate the exploit.