A technical paper by Fraser Howard, SophosLabs, UK
- regsvr32 –s
Figure 12: Some simple string obfuscations within Blackhole Java content.
Since early 2011 Blackhole Java components have aggressively used these simple string obfuscation techniques in an attempt to evade detection. Despite these efforts it is perhaps ironic that during the same period, the filenames often used for the JAR and class files were quite recognisable (worms.jar perhaps being the best example!).
More recently there appears to be increased efforts to evade detection. In addition to string obfuscation, commercial tools are also being used to protect/obfuscate the code. Numerous tools are available, but the two that are mostly used at the time of writing are listed below.
- Allatori Java obfuscator 
- Zelix KlassMaster 
As you would expect these tools deliver much more than just string obfuscation. They also provide name and flow obfuscation, making it extremely hard to convert decompiled code into anything that is readily understandable.