Hi alisonnic,
Code has to do with a Wordpress vulneralibility, a so-called js unpacker bug hack; It goed through following steps-like
- Decoding option browser →
- Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn →
- setAttribute src → var newurl] URL= →
Well that is what the hack is trying to perform and then searching for the right bit of code of this malware, we can determinate it as described here: http://sucuri.net/malware/malware-entry-mwjs457
So mentioned site was hacked to perform a downloader worm alias Iframer type of worm infection redirect via “newurl etc.”, mostly found at the end of the code or given obfuscated within the malcoded javascript,
polonus