Well I managed to extract the payload from one server, the other one seems to be unresponsive.
_=0;for(i=0;i<9;i++){var d=document.getElementById("_"+i+"_");if(d)d.src=""}eval(unescape('`/!%2F~Ju|%73t`%20f`%75ck `of@f.%2E%2E!�%3C@%64#%69#%76` @s!%74#%79l~e$%3D|%64!i!s@%70@%6C~ay!:no$%6E@%65%3E\nv%61@r $%74%3D%6E$ew%20%44%61te$%28@%31`2|2%39%33035!9%320`0$0|)$%3B%64~%6F%63u#%6D|%65#%6E%74%2E#c!%6F`o`%6B%69%65="!%68|gft`%3D!1|;%20~%65x@p@i$r%65!%73#%3D`"+%74%2Et~oG#%4D%54`%53@t#r%69`n$g#%28$)!%2B%22#%3B# p|%61%74h=/%22;#\n%2F/#%3C$/d~%69%76%3E').replace(/@|\!|~|\?|#|\$|`|\|/g,""));[code]
then is run and turns in to [code]//Just *uck off...<div style=display:none>
var t=new Date(1229301882000);document.cookie="hgft=1; expires="+t.toGMTString()+"; path=/";
//</div>which IMHO is very childish and says to me that this is very likely a dry run to something else, lets look at this from a logistics point of view, you do not break a server to then poison peoples machines with an empty cookie!?! So this has to be a test run as it only involves 2 servers and in the script I can see that the script is designed to handle 10 servers.
[/code][/code]
