Abstract: Systems and methods for protecting client computers are described. One exemplary system includes an initial filter that gathers scripting-language-data from webpage data and a signature database of signatures of known scripting-language-data exploits. In addition, a parser generates a parse tree from the scripting-language-data, and a normalization and signature matching component reduces a complexity of the parse tree, generates a representation of at least a portion of a structure of the parse tree, and prevents the scripting-language-data from reaching an intended recipient if the representation matches one of the signatures of known scripting-language-data exploits.

Abstract: Systems and methods for protecting client computers are described. One method includes receiving webpage data at a proxy from a webpage before the data reaches an intended recipient; gathering scripting-language-data from the webpage data; normalizing the scripting-language-data so as to generate normalized data; emulating execution of the normalized scripting-language-data with a inspection-point-script-execution engine that that is adapted to provide inspection points instead of effectuating particular functions, and determining whether to block the data from the intended recipient by analyzing inspection-data collected from the inspection points.

Abstract: Systems and methods for protecting client computers are described. One method includes receiving webpage data at a proxy from a webpage before the data reaches an intended recipient; gathering scripting-language-data from the webpage data; normalizing the scripting-language-data so as to generate normalized data; emulating execution of the normalized scripting-language-data with a inspection-point-script-execution engine that that is adapted to provide inspection points instead of effectuating particular functions, and determining whether to block the data from the intended recipient by analyzing inspection-data collected from the inspection points.

Abstract: Systems and methods for protecting client computers are described. One exemplary system includes an initial filter that gathers scripting-language-data from webpage data and a signature database of signatures of known scripting-language-data exploits. In addition, a parser generates a parse tree from the scripting-language-data, and a normalization and signature matching component reduces a complexity of the parse tree, generates a representation of at least a portion of a structure of the parse tree, and prevents the scripting-language-data from reaching an intended recipient if the representation matches one of the signatures of known scripting-language-data exploits.