What exploit is flagged here?

See: https://www.virustotal.com/nl/url/89a3108077fddb4eee3c31bd5d38b0bccdb8aa4b4452372b46601d90114bd493/analysis/1439063574/
7 malicious files detected: http://quttera.com/detailed_report/www.rcru.org
Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Malicious obfuscated JavaScript threat code

[[function dnnViewState]]  

100/100% malicious: http://zulu.zscaler.com/submission/show/cd55df8dfbc7fd428d023dd99fff996c-1439063715
Malware flagged: https://urlquery.net/report.php?id=1439064048187
Infested with SEO Spam: ISSUE DETECTED DEFINITION INFECTED URL
SEO Spam MW:SPAM:SEO?g12 -http://www.rcru.org/j/index.php
SEO Spam MW:SPAM:SEO?g12 -http://www.rcru.org/j/
SEO Spam MW:SPAM:SEO?g12 -http://www.rcru.org/j/index.php
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
t=‘’;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.‘+x[2]+’{‘+x[1]+’}</‘+x[0]+’>');}dnnViewState();

Read: http://vel.joomla.org/articles/844-spotting-spam-code-in-malicious-extensions
Malware already with us for a couple of years: http://forum.joomla.org/viewtopic.php?f=432&t=814605
Also consider: https://urlquery.net/queued.php?id=540967969
This is a bad zone: Could not get name servers for ‘ads.mobilejoomla.com’.
See: http://www.dnsinspect.com/mobilejoomla.com/1439064538
WARNING: Name servers software versions are exposed:
64.131.77.225: “9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3”
64.131.77.226: “9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3”
Re: http://www.solvedns.com/mobilejoomla.com

polonus