Hi kris, I added a sig to detect some of these in phish.ndb. If you send me some samples I'll have a look to see if it matches. On 8 October 2015 17:14:58 Kris Deugau <kdeugau at vianet.ca> wrote: > I've been seeing Javscript malware on and off where (one layer of) the > Javascript obfuscation is done by taking the real code