Compare:
2012 ~ http://www.symantec.com/connect/blogs/blackhole-exploit-kit-gets-upgrade-pseudo-random-domains
2009 ~ http://stackoverflow.com/questions/424292/how-to-create-my-own-javascript-random-number-generator-that-i-can-also-set-the
Is it possible that the original algorithm came from this StackOverFlow question?
New lines given in the BlackHole Exploit Version:
var s = d.[i]getHours/i > 12 ? 1 : 0;
Lines moved in the BlackHole Exploit Version (moved to function generatePseudoRandomString(unix, length, zone)):
var rand = new RandomNumberGenerator();
Also, the function RandomNumberGenerator passes the variable “unix” in the BlackHole Exploit version and not in the original.