Facebook Page Invite-All-Friends Hack Warning!

So I just got this odd suggestion from a Facebook friend to "like" a Facebook page called "This Guy Took A Picture Of His Face Every Day For 8 Years on Facebook". I'm not linking to it because of the obvious screwed up tactics.

The process to view this page involved_

  1. Liking or "Like"-ing the page
  2. Copy-pasting shady javascript into your browser

I've worked with clients in building Facebook App and Pages who want # 1. But # 2... ooo, that's some shadiness. You can do all sorts of fun things with Javscript in a browserbar, especially when already logged into Facebook.

Here's what I did to decrypt the javascript_

  1. Setup an easy html page that unencodes and escapes the characters
  2. Put in this shady page's javascript
  3. Decode and map the variables

You can check out the descrambled script here_ My Decoder Page with his Shady Code Inside

Then I came to my senses and found the same process on StackOverflow

Looks like the script selects your entire friend-list, and auto-submits a "suggested like" of the page to them.

Shady sir. But hey, he's got 100k+ likes now (and a 1+ "spam report" from me).

To bad ethics bars us from spamming a "report as spam" suggestion e-mail.

This article is my 39th oldest. It is 208 words long, and it’s got 0 comments for now.