Conventionally, in order to detect malicious scripts that cause malicious programs, such as computer viruses, to be downloaded and installed (for example, JavaScript (registered trademark)), techniques using emulators of browsers (hereinafter, referred to as “browser emulators”) have been proposed. For example, a technique has been proposed, which is for: causing a browser emulator to execute scripts of various Web sites; and analyzing results of the execution (see Non-Patent Literature 1 and Non-Patent Literature 2).
Such malicious scripts include scripts that obtain environment information of clients that have accessed their Web sites (malicious Web sites) and perform attacks according to environments of the clients, in order to improve success rates of the attacks (hereinafter, referred to as “environment dependent attacks”, as seen in Non-Patent Literature 3). Attack codes used in these environment dependent attacks are, for example, hypertext markup language (HTML) tag insertion codes for reading files related to plugins of browsers from outside, and codes that abuse the vulnerabilities of ActiveX (registered trademark) (see Non-Patent Literature 4).