Server-side script polumorphism: Techniques of analysis and defense

It is said that more than 50% of web-based malware originates in malicious IFRAME injection attacks. But what is behind those pesky URLs? A while back, it was an easy task to find out - the code behind it was plain or just slightly obfuscated. Lately though, script encryption routines have become more and more elegant and sophisticated. As attackers deploy exploits for a wide range of vulnerable components, it becomes not only an issue of evading security products, but also a way of protecting intellectual property (0-day vulnerabilities are a ldquovaluablerdquo asset).