While investigating an attack, I came across a piece of javascript that was quite unusual. Most javascript obfuscated malware uses custom “packers” if you will to mangle the actual code that performs the attack. This code must become “unpacked” at some point to be interpreted by the web browser. Simply looking for document.write or eval [...]
