There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as ‘Fiesta’ and ‘Rig’ for example, have been found to be using DOM based JavaScript obfuscation. In this blog I will demonstrate a simple approach to de-obfuscate DOM based JavaScript obfuscation
more here............http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html
more here............http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html