The use of JJEncode in a drive-by download has been around for a couple of years but has been popping up a lot recently. A couple of readers have asked how to deobfuscate this so here’s a walkthrough with a live script. Here’s an automobile forum that’s been compromised: Viewing the source code, this link kicks off the infection: Then from alnera.eu, you end up getting this strange looking Javascr