Hi forum friends,
For the example see my jsunpack link given further down. We see such an attack reported here at Wordpress dot org forums: http://wordpress.org/support/topic/website-is-being-redirected
Here the decoding of similar injected javascript is being discussed at stackoverflow dot com: http://stackoverflow.com/questions/3391623/decode-some-injected-javascript
user409021 on that link in his posting comes up with the proper decoding of the malcode.
See for the injected script input here: -http://jsunpack.jeek.org/?report=fffdca68ca4bbe507421f9f3519ef75551a7f23a
Go there only if security savvy, with script blocking active and inside a virtual environment.
What we have seen is an Adsense hijacking script that is redirecting visitors after 5-15 secs or right away to earn on fraudulent clicks. Good to know that avast webshield detects this as JS:Downloader-IR[Trj] and blocks the website or the file right away!
polonus