Description:
Malicious scripts that use two layers of obfuscation: Base64 (decodeded via the atob JavaScript function) and arrays of character codes (decoded via the fromCharCode function). These might be not he only levels of obfuscation.
Example of the two layers of obfuscation
First layer: atob
var WMLPZBKSRZ = atob('dmFyIEFDUFFZWVhBVE4gPSBTdHJpbmcuZnJvbUNoYXJDb2RlKDExIC0gMSwgMTIxIC0gM...skipped...IDQpO2V2YWwoQUNQUVlZWEFUTik7');
eval(WMLPZBKSRZ);
Second layer: fromCharCode
var ACPQYYXATN = String.fromCharCode(11 - 1, 121 - 3, 106 - 9, 121 - 7, 39 - 7, 113 - 6,...skipped..., 16 - 6, 14 - 4);eval(ACPQYYXATN);
Affecting: Any web site (no specific target).