Maybe I'm too naive, but I really don't get why people do this (the spamming, not the dissecting). Whoever did this could probably land a nicely paying programming job, no?
Is spamming that lucrative or what's going on?
I had a wordpress site hit with one of these attacks years back. I took it apart to see how it worked. It was a pretty messy hack, but I give them credit for working within the constraints they had.
I've seen some code from vendors using ZendGuard and kind of wondered how it worked - I'm assuming any dissections of their obfuscation algorithm or code would be served a takedown notice real quick.
That was pretty straightforward.
Check this <a href="http://ideone.com/VImf2v" rel="nofollow">http://ideone.com/VImf2v</a> :)