I was looking for a motor website and noticed this suspicious looking JavaScript code:
https://web.archive.org/web/20200705182323/http://www.turnigy.com:80/about-us/
It is apparently a 3-level deep obfuscation of some website redirection that failed, because Wordpress faithfully encoded it rather than inserting directly.
- hack1.js is the code that appears visually in the webpage.
- hack2.js is the content of variable
VWGMMLIBLQthat getseval()din hack1.js - hack3.js is the content of variable
BPCDLVJEMJthat getseval()din hack2.js - hack4.js is the content of variable
decthat gets executed via(new Function(dec))();in hack3.js
