Another nasty Javascript exploit
From: SANS Internet Storm Center Alert
The de-obfuscated URL goes to (dont click!!) js.pceb.cc, which resolves to 85.255.114.158, which is - surprise surprise - the address range of INHoster in Ukraine. Although we are wary of excessive block-lists, we have repeatedly recommended in the past that you block this range 85.255.112.0 - 85.255.127.0
Now look who else resides on that IP address:
85.255.114.148 wrkd1s2tr.biz
85.255.114.148 outpostsupport.com (Win32/TrojanProxy.Daemonize)
85.255.114.148 lavasoftupdate.com
85.255.114.148 drwebupd.com
Just mentioned these characters the other day ... you can add the following entry to your HOSTS file, until the next update.
127.0.0.1 js.pceb.cc #[Trojan.Win32.Rootkit.E]