Everyone remembers the AOL Instant Messenger days, when a major threat was getting a virus. Once a friend got one, it would send itself as a chat message to all of their friends, propagating across the network.
var chatmessage = '%firstname% See who views your profile @ x.co/WkdW?'+randomnumber;
var postmessage = 'My Top Profile Viewers: \n\ %tf% - 1136 views \n\ %tf% - 983 views \n\ %tf% - 542 views \n\ %tf% - 300 views \n\ See who views your profile @ http://x.co/WkdW?'+randomnumber;
var redirect = 'http://aafv8vni.info/final.php';
var eventdesc = 'Hey everyone, \n\ fb now lets you see who viewed your profile! to enable this feature, go here! - http://x.co/WkdW?'+randomnumber;
var eventname = 'How to see who viewed your profile!!';
This first part was very simple. Apparently it just creates a random link and spreads it three ways: chat messages, wall posts, and events. The event creation is something I haven’t seen before and was kind of interesting. Also, for those interested, the view counts are hard-coded into the script, which means they are completely fake. This was assumed, but it’s nice to know for sure. I’m not sure what the random number is for; maybe the author is doing some cool social network analysis on people who click on links like this. The redirect goes to a page that links to several surveys that allow them to “verify your identity.” These are probably just more ways to spam you and make money.
The rest of the code is heavily obfuscated through its variable and function naming. Some parts to note are that the author left debug functions intact and uses a unique URL identifier for each instance. I’m not sure if this is for tracking purposes, but it could open some cool doors for network mapping of gullible people. The funny thing is that it doesn’t actually harm your computer (that I know of) and only tries to spread itself. This could just be the beginning of something bigger, but for right now the worst part is the embarrassment and cleanup of your Facebook profile. The code itself is not very intriguing, since XSS is a commonly known information security vulnerability affecting many sites on the internet. However, since the script relies on a victim actually pasting code into the browser’s URL bar while logged in to Facebook, so that it runs with the victim’s own session, this scam is easy to avoid.
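The per-instance random number defeats naive exact-match blocking of the spam text, but the propagation pattern itself is still detectable. The following is an added example (my code, not the scam script) that normalises links in a batch of constructed sample messages so that the same campaign link collapses to one key regardless of its random suffix, then flags any sender pushing that link to many recipients, the fan-out a self-spreading script produces. The message fields (from, to, text) are assumed for the sake of the example.

```javascript
// Constructed sample traffic modelled on the scam's chat template; not real data.
const SAMPLE_MESSAGES = [
  { from: 'alice', to: 'bob',   text: 'Bob See who views your profile @ x.co/WkdW?48213' },
  { from: 'alice', to: 'carol', text: 'Carol See who views your profile @ x.co/WkdW?48213' },
  { from: 'alice', to: 'dave',  text: 'Dave See who views your profile @ http://x.co/WkdW?48213' },
  { from: 'bob',   to: 'erin',  text: 'Erin See who views your profile @ x.co/WkdW?90117' },
  { from: 'frank', to: 'grace', text: 'lunch tomorrow? http://example.test/menu?day=tue' },
];

// Match URL-like tokens with or without a scheme (the script omits it in chat).
const URL_RE = /(?:https?:\/\/)?[a-z0-9.-]+\.[a-z]{2,}\/[^\s]*/gi;

// Drop the scheme and the query string; the query is where the per-instance
// random number lives, so every copy of the campaign maps to the same key.
function normaliseLink(raw) {
  return raw.replace(/^https?:\/\//i, '').split('?')[0].toLowerCase();
}

function extractLinks(text) {
  return (text.match(URL_RE) || []).map(normaliseLink);
}

// Report each normalised link that one sender pushed to at least
// `minRecipients` distinct recipients, with the number of distinct senders
// seen spreading it (more than one sender suggests it has already propagated).
function findFanOut(messages, minRecipients) {
  const recipientsBySenderLink = new Map(); // "sender|link" -> Set(recipient)
  const sendersByLink = new Map();          // link -> Set(sender)
  for (const m of messages) {
    for (const link of extractLinks(m.text)) {
      const key = `${m.from}|${link}`;
      if (!recipientsBySenderLink.has(key)) recipientsBySenderLink.set(key, new Set());
      recipientsBySenderLink.get(key).add(m.to);
      if (!sendersByLink.has(link)) sendersByLink.set(link, new Set());
      sendersByLink.get(link).add(m.from);
    }
  }
  const hits = {};
  for (const [key, recipients] of recipientsBySenderLink) {
    if (recipients.size >= minRecipients) {
      const link = key.split('|')[1];
      hits[link] = { spreaders: sendersByLink.get(link).size };
    }
  }
  return hits;
}

console.log(findFanOut(SAMPLE_MESSAGES, 3));
```

With the constructed data, only the campaign link is flagged: alice reached three recipients with it, and it has already been sent by two distinct accounts, while the ordinary lunch message is ignored.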