Description: Our scanners identified an encrypted (encoded) javascript block that used the Dadong's JSXX 0.XX encoder. This code is often seeing on compromised sites with the latest 0-day exploit for Java.
We have been seeing it on other infections, but not very frequently (Aug/2012).
http://ok.aa24.net/meeting/index.html
http://59.120.154.62/meeting/index.html
62.152.104.149/public/meeting/index.html
Affecting: No specific targeted.
Clean up: Malware is hidden at the javascript files.
Last update: Aug/2012.
Malware dump: