Maybe, even with that, they wouldn't be persistent enough or would be too easily traceable to a source, or blockable? Or maybe js doesn't allow the level of access that flash or java might, so the ROI isn't worth it.
Although the case might be different for browser plugins (I don't know), it might be more effective to poison one of those than, say, run something directly in a browser.
Although the case might be different for browser plugins (I don't know), it might be more effective to poison one of those than, say, run something directly in a browser.