This article is very interesting to me, and I think whoever invented this is very smart. I cut some paragraphs from this article. If you want to see the full article, please go to the Source.
If this was found on a webpage, you might just overlook it as something benign.
It starts off by defining an array of hexadecimal values which look like a representation of different colors.
The function “div_pick_colors” concatenates them into one long string after ignoring the pound sign. You end up with this:
The same function then grabs two characters at a time and does some fancy footwork to convert it into a malicious redirect.
s += String.fromCharCode(parseInt(c_clr, 16) - 15);
Let’s go through this quickly…
Get the first two characters from the string above (which is "4b").
Convert it from hexadecimal to decimal (you'll get "75").
Subtract 15 from the decimal value (which is "60").
Now convert the decimal value to ASCII (you'll end up with "<").
Now do the next one...
Get the second two characters (which is "82").
Convert it from hex to decimal (you'll get "130").
Subtract 15 from the decimal value (which is "115").
Now convert the value to ASCII (you'll end up with "s").
If you continue along, you'll end up with the following redirect code:
If you want to cheat, you can insert an alert into the script, which will pop up the redirect code in one fell swoop.
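A static alternative to the alert trick, as an added example that is not code from the original article: it applies the steps above to the color array without running the script, and goes beyond the fixed case by recovering the subtracted value instead of assuming 15. The color values are a constructed, harmless sample, and the names colorsToBytes, decodeWithShift, recoverShift and MARKERS are hypothetical.

```javascript
// Static decoder for the hex-color obfuscation walked through above.
// Nothing decoded here is executed or written into a page.

// Constructed sample (not from the article): harmless text encoded the same way.
const SAMPLE_COLORS = ["#4b8272", "#81787f", "#834d87", "#4b3e82", "#728178", "#7f834d"];

// Assumed marker list: substrings that suggest script or a redirect.
const MARKERS = ["<script", "<iframe", "http", "location", "document."];

// Strip the pound signs, join, and split into byte values two hex digits at a time.
function colorsToBytes(colors) {
  const hex = colors.map((c) => String(c).replace(/^#/, "")).join("");
  if (hex.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(hex)) {
    throw new Error("input is not a clean hex color array");
  }
  const bytes = [];
  for (let i = 0; i < hex.length; i += 2) bytes.push(parseInt(hex.slice(i, i + 2), 16));
  return bytes;
}

// The article's transform: subtract a fixed value from each byte, then map to a character.
function decodeWithShift(colors, shift) {
  return colorsToBytes(colors).map((b) => String.fromCharCode(b - shift)).join("");
}

const isTextCode = (c) => c === 9 || c === 10 || c === 13 || (c >= 32 && c <= 126);

// Try every subtracted value; keep shifts that give printable text, rank by markers.
function recoverShift(colors) {
  const bytes = colorsToBytes(colors);
  let best = null;
  for (let shift = 0; shift < 256; shift++) {
    const codes = bytes.map((b) => b - shift);
    if (!codes.every(isTextCode)) continue;
    const text = codes.map((c) => String.fromCharCode(c)).join("");
    const score = MARKERS.filter((m) => text.toLowerCase().includes(m)).length;
    if (best === null || score > best.score) best = { shift, text, score };
  }
  return best; // null when no shift yields printable text
}

console.log(recoverShift(SAMPLE_COLORS));
```

A result of null from recoverShift means the array is not a single-shift encoding of text, which is the expected outcome for a genuine color palette.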