A new scam is spreading through Facebook by way of small JavaScript snippets which users are enticed to enter in order to reveal a “Facebook revolving images” feature.
For those interested in how the exploit works, it’s relatively straightforward. The user is promised a “revolving images” feature. All they need to do is copy and paste a piece of JavaScript into their browser. While they do receive random revolving images of their friends, in the background the script looks up their “Email Upload Address”.
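A browser-side mitigation for this kind of paste-to-run scam, shown as an added example that is not from the original article: it strips a `javascript:` scheme from pasted text before the text reaches a URL field. It assumes the snippet is pasted into the address bar as a `javascript:` URL; the function names and sample strings are constructed for illustration.

```javascript
// Added example (not from the article). Assumption: the scam snippet is
// pasted into a URL field as a "javascript:" URL.

// URL parsers ignore leading control characters and spaces, and drop ASCII
// tab/newline characters anywhere in the input, so normalise the same way
// before inspecting the scheme.
function normaliseForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+/, "")
    .replace(/[\t\n\r]/g, "");
}

const SCRIPT_SCHEME = /^javascript:/i;

// Returns { blocked, safeText }. The loop removes stacked prefixes such as
// "javascript:javascript:..." so a single pass cannot be bypassed.
function sanitisePaste(text) {
  let rest = normaliseForSchemeCheck(text);
  let blocked = false;
  while (SCRIPT_SCHEME.test(rest)) {
    blocked = true;
    rest = normaliseForSchemeCheck(rest.slice("javascript:".length));
  }
  // Untouched input is returned verbatim when nothing was stripped.
  return { blocked, safeText: blocked ? rest : text };
}

// Constructed sample pastes, harmless placeholders only.
const SAMPLES = [
  "javascript:void(0)",                  // plain scheme
  "  JaVa\tScRiPt:void(0)",              // whitespace and mixed case
  "javascript:javascript:void(0)",       // stacked prefix
  "http://example.com/?q=javascript:1",  // scheme text inside a normal URL
  "revolving images",                    // ordinary text
];

function classifySamples() {
  return SAMPLES.map((s) => sanitisePaste(s).blocked);
}

console.log(classifySamples());
```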
Right now the scam appears to be spreading via the following sites:
- http://revolvingimages.info/fb/
- http://kewlpics.tk/
- http://itsmajic.tk/
While the damage is currently limited, Aditya Punjani, a developer, sent us the following code which illustrates how the new exploit can produce greater damage. While this scam doesn’t appear to be generating any massive damage, with its effects limited to updates to users’ statuses, it could evolve into a bigger scam over time. We’ll be interested to see how this evolves.
Make sure not to click any of the links which offer the “Facebook revolving images” feature!
Source: All Facebook