[Emerging-Sigs] A modest proposal: obfuscated javascript...

[Michael Stone]

On Fri, Mar 14, 2008 at 11:08:30AM -0400, Matt Jonkman wrote:
>We tried a signature like this a year or so ago, just looking for the
>unescape and such. If I recall right we had a lot of false positives and
>it was a good deal of load.

Oh, I'm suggesting that snort try to do this, just that if google took 
steps to stamp out obfuscated .js that it would be no great loss.

Mike Stone