As you can see from the screenshot PSD‘s website www.psd.ro is infected with an exploit bomb followed by a trojan dropper of course. πŸ™‚

Here is the obfuscated js that was injected several times into the websites index.php(click to enlarge):

A quick search on google revealed:

http://www.symantec.com/connect/blogs/new-obfuscated-scripts-wild-lgpl

Which looks very similar with the malware found on psd.ro.

And that’s about it since i am too tired to look further into it, going to take a nap. πŸ˜‰

UPDATE: Care for a joke?

The malware on psd.ro seems to have a Pусская(Russkaya) touch. πŸ˜†

Don’t worry, Romanians will get it. (1 & 2)