Hi alisonnic,

Code has to do with a Wordpress vulneralibility, a so-called js unpacker bug hack; It goed through following steps-like

  1. Decoding option browser →
  2. Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn →
  3. setAttribute src → var newurl] URL= →
    Well that is what the hack is trying to perform and then searching for the right bit of code of this malware, we can determinate it as described here: http://sucuri.net/malware/malware-entry-mwjs457
    So mentioned site was hacked to perform a downloader worm alias Iframer type of worm infection redirect via “newurl etc.”, mostly found at the end of the code or given obfuscated within the malcoded javascript,

polonus