
We’re seeing a lot of reports of dubious Facebook pages using JavaScript to try to spam anybody who happens to be on your friends list. Here’s a typical example:

Facebook Javascript pages

Should the end-user hit the “Click here” button, rather nifty prompts appear that encourage them to do something a little bit silly:

Facebook javascript prompts

If you’re somebody that knows their way around the keyboard, you’ll immediately recognise the above as “Copy”. But what are you copying? And what do they want you to do with it?

Facebook javascript prompt

For anyone that isn’t aware, ALT + D will put the focus back onto the URL bar in the browser. Let’s see, you’ve copied something, switched back to the URL bar – I wonder if they want you to paste something into the browser?

Facebook javascript prompt

Yes, it looks like they do. The end-user will paste the following JavaScript code into the address bar. This isn’t a good thing:

Fbookjavawrm0

Once the end-user hits the enter key, two things will happen.

A “suggest this to your friends” box will automatically flash up on the screen for a second or two:

suggest this prompt

It then vanishes, replaced by a CAPTCHA prompt.

security check

The end-user will probably fill this in, and once this happens the spamlink will appear on the news feed of anybody who happens to be their friend:

on your wall

From there, the links “go viral” as people are endlessly suckered into visiting the pages, pasting the JavaScript into the browser and making money for the creator.
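The copy, ALT + D, paste sequence only works because the address bar accepts text beginning with the `javascript:` scheme and runs it in the context of the open Facebook page. As an added example (not code from the original post), here is a check a filtering extension or clipboard monitor could apply to text headed for the address bar; the function names are hypothetical, the sample strings are constructed, and the normalisation follows the URL Standard's rule that tabs and newlines inside a URL are ignored.

```javascript
// Added example: flag and neutralise clipboard text that would execute as
// script if pasted into the address bar. All names here are hypothetical.

// URL parsing trims leading/trailing C0 control characters and spaces, and
// drops ASCII tab/newline anywhere, so "java\tscript:" is still javascript:.
function normalizeForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

const SCRIPT_SCHEME = /^javascript:/i; // scheme names are case-insensitive

// True when the text would be treated as a javascript: URL.
function isScriptUrl(text) {
  return SCRIPT_SCHEME.test(normalizeForSchemeCheck(text));
}

// Remove every leading javascript: prefix so the remainder is handled as
// plain text. The loop covers doubled prefixes ("javascript:javascript:").
function neutralizePaste(text) {
  let out = normalizeForSchemeCheck(text);
  let stripped = false;
  while (SCRIPT_SCHEME.test(out)) {
    out = out.replace(SCRIPT_SCHEME, "").replace(/^[\u0000-\u0020]+/, "");
    stripped = true;
  }
  // Leave ordinary text and URLs untouched.
  return { stripped, text: stripped ? out : text };
}

// Constructed sample inputs (not taken from the pages described here).
const samples = [
  "javascript:(function(){})()",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "https://example.com/?q=javascript:",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", isScriptUrl(s) ? "BLOCK" : "allow");
}
```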

How are they making money, you ask?

A website will appear inside the Facebook page, covered with a CPA lead box that wants you to fill in a survey or take part in a competition to see the content (and by “content”, I mean “random site or spamblog that isn’t worth wasting six seconds of your life looking at”).

CPA popup

Of course, people not familiar with these kinds of scams will happily sign their life away to expensive ringtones, fake iPod offers and mail order doodahs (technical term). If you want an idea of how many people are firing these links around at present, here’s a random sample from just four of these pages (there are a lot more of them out there):

how many

We can’t show a screenshot for the next group as it’s a bit naughty, but here’s the total of “likes” anyway:

how many

Same again for this one:

how many

Let’s finish off with a page that’s currently sitting on 21,347 “Likes”:

Fbookjavawrm21

Is that a frankly terrifying number of people entering random code into their browser without knowing what it is then hitting the okay button?

Unfortunately: yes.

We’ve notified Facebook, and hopefully some of these pages will be dismantled over the coming days.

Christopher Boyd

