Description: Encoded javascript malware to load the "Fake AV" virus from
multiple domains.
After decoded, it load iframes from sites like beolinkonline.com, smasmaild.com, etc.
Affecting: WordPress-based web sites.
Clean up: Malware is hidden at the header.php inside the themes directory.
Malware dump: