
What does this piece of JavaScript do? It looks like malware

Can anyone decode that? I tried all my js foo, looked on jsunpack and can't figure it out. A site that got blacklisted had that, so I think that's the culprit.

<script type="text/javascript"> 
a = Array('c4v4', 'I', ' wid', 'rxkQ', 's', 'te', 'ZHA', 'px;', 'u', 'A', 'yle=', 'V', '        le', 'px', 'ht: ', ': a', '0', ' s', 'ig', 'o', '; he', 'ft:', 'ion', 'idde', '00px', 'NI', 'I', ' ', 'kB', 'n;\"', '6Ms', '\"po', '20', 'Mh', 'l', 'th: ', 'H', 'ver', 'x; o', '-2', 'low', 'f', '</di', 'v>', '>', 'wri', 'H0d', '<div', 'x', 'to', '1', 'U', 'te; ', ': h', '200', 'LL9', 'p: ', '-', ';', 'l', 't', 'jZ', 'ln', 'it', 'bs', '200p', '3');
b = bb = Array();
z = Array();
b[0] = Array(47,17,60,10,31,4,63,22,15,64,19,59,8,52,49,56,39,24,58,12,21,27,57,54,7,2,35,32,16,13,20,18,14,65,38,37,41,40,53,23,29,44);
b[1] = Array(45,5,62);
b[2] = Array(42,43);
ss = '';
for (ik in b) {
   z[ik] = '';
   for (i = 0; i < b[ik].length; ++i) {
             z[ik] += '' + a[b[ik][i]];
           }
}
document[z[1]](z[0]);
</script> 


Check for yourself here on JSBin. I just replaced the last line with alerts to print out z[1] and z[0]. Here's the end result:

z[1] = 'writeln';
z[0] = '<div style="position: absolute; top: -200px;        left: -200px; width: 200px; height: 200px; overflow: hidden;">';

It's just an obfuscated call to document.writeln that prints out some HTML.


Edit: In fact, it's not even that great an obfuscation scheme. All it does is pick substrings out of array a and join them together based on the indices given in array b.


You could've just run all of it except the last line to see what ends up in z.

This is what it ends up doing:

document.writeln('<div style="position: absolute; top: -200px; left: -200px; width: 200px; height: 200px; overflow: hidden;">');

Honestly, this wouldn't do much of anything on its own.


Nothing too malware related: it just creates a div. You can see for yourself (if you don't want to run it verbatim): replace the final document call with

alert(z[1]) //writeln
alert(z[0]) //<div style="position: absolute; top: -200px;        left: -200px; width: 200px; height: 200px; overflow: hidden;">

The entire code can be replaced by:

document.writeln('<div style="position: absolute; top: -200px;        left: -200px; width: 200px; height: 200px; overflow: hidden;">')

It's just highly obfuscated.


Although the code is used to write a div on the page, the problem with it is that it is followed by certain links and used by intruders to put backlinks on a server. So if this code appears on your page, your account has been hacked. I just found this code in an osCommerce online shop.
