Hi spg SCOTT,

Thanks for your giving your observations while testing, very rewarding and helpful you checked that. As I got the webshield alert when I trying to open up a page with the original exploit code of the exploit used, that could be interpreted similar to what you experienced after de-obfuscation. So the morphed version could go under the radar, report that to virus AT avast dot com so we can have protection for the obfuscated variant as well.

polonus