Read it! It's not too hard to understand. There's a link on the cited story.
The selection from the article fails to mention that deobfuscation was a major component of this work. If your exploit runs, whether it's through eval, an iframe, or any other means, Zozzle will see it fully deobfuscated. This is accomplished by hooking the compile function of the JavaScript runtime and performing analysis immediately before compilation.
There is a detailed analysis of false positive and false negative rates in the tech report. By "high effectiveness," the article means "high accuracy." Zozzle correctly classifies over 99% of JavaScript samples in the evaluation set, and has a false positive rate well below 1%.
It would be hard to claim Zozzle is bloatware: the static analysis requires little more time than simply parsing the code. Again, detailed analysis of Zozzle's performance is in the tech report.
The fancy name: I'm glad you think it's "fancy." Zozzle is trained on heap sprays collected by a highly precise runtime detector called Nozzle. Zozzle = zero-day Nozzle. Plus, it's fun to say. As a side note, Zozzle can detect ANY type of JavaScript attack, not just the heap sprays provided as training data. These attacks share many characteristics with other exploits.
Malware writers will adapt: Yes, almost certainly. However, there are some things you can't remove from your code, like calls to the JavaScript runtime functions being exploited. This means a lot of known attacks are off the table and malware writers will need to identify new vulnerabilities to successfully attack Zozzle's users. Even then, these attacks will eventually be picked up by other detection tools, Zozzle will be trained on them, and the malware writers need to start over. This is all assuming these new attacks don't contain patterns Zozzle has already been trained on. Zozzle raises the bar for malware writers, and significantly reduces the effectiveness of copy-pasted attacks (which are the vast majority of attacks on the internet today).
