I published the following diary on isc.sans.edu: “Old Worm But New Obfuscation Technique“: Yesterday I found an interesting JavaSvript script delivered through a regular phishing campaign (SHA256:70c0b9d1c88f082bad6ae01fef653da6266d0693b24e08dcb04156a629dd6f81) and has a VT score of 17/61. The script obfuscation is simple but effective: the malicious code is decoded and passed to an eval()
