Ok now, that's a pretty "funky" one...
It's been injected into misconfigured sites out there during the last week - you can easily find a few example complaints via Google: http://www.google.com/search?q=188.8.131.52%2Fjquery.js
So far it can be trivially decoded thanks to Malzilla, and shows us the following...
Which is a pointer to a pdf - Result: 0
Plus, a pointer to a swf as well - Result: 0
I'm not really able to successfully decode them statically without executing them though, any ideas?
I've got the impression that the .swf is more or less the container of a xor key,
that is being used in order for the pdf's contents to be decoded...
Or am I in a completely wrong direction, and I should better go grab myself some extra coffee?...
Password is "infected"