Facebook Hacking Scripts On UserScript.org Are Fake, Or Worse
Over the past two months or so I have seen a number of Facebook hacking scripts posted on the userscripts.org website that supposedly hack into a user's Facebook account. These scripts - sorry no links - are fake, they won't work, and are maybe even malicious in nature.
The developers use fake reviews and fans to promote the scripts to the frontpage of the Userscripts website to attract more attention. When you look at the reviews and user accounts, you will notice a trend:
- All users give five stars to the userscript
- All accounts have a review profile that contains a lot of deleted scripts
- The language is basic, and usually with bad punctuation and grammar
Facebook Hack Script
Popularity does not happen overnight, and six five star reviews after a script has been available for an hour on the site is rare, but not unseen of. The next clue is the description on the script's frontpage.
It links to a blogspot blog and a direct download link right away. That download link should get you thinking. Why is there a need for a download link again,when scripts get installed directly in the browser?
The reason is simple: The script is used as a teaser to get users to click on the download link. If you look at the script's source code, you will notice that it is doing nothing at all.
It displays the same text that is already posted on the about text in the JavaScript file.
If you open that link in a browser, you are taken to one of those survey doorway pages. Fill out a survey before you can access the contents behind. The poster of the script makes money from those surveys.
Judging from the screenshot posted on the Userscripts website, the actual program looks fake. I closed the browser window once the survey popped up as I had no intention of costly subscriptions or leaking of my personal information to a shady advertiser to verify that first hand.
Even if the program is not fake, which is a really slim chance, it should not be posted on the Userscripts website in first place.
The team behind the scam are pushing other scripts as well. At the time of writing their pushing a Facebook Hack script and a Free Calls Worldwide Hack script on the site. My recommendation? Delete the scripts, ban the poster and reviewer accounts, change the way scripts are promoted to the frontpage (e.g. only after a specific time of being listed), or moderate scripts before they are posted on the site.
There are other scripts out there that are being used for malicious purposes. Some like a lot of pages on Facebook using your account, and others may even steal user data from you.
Advertisement
Let’s face it; if you’re trying to get into someones account you deserve to have your own machine screwed over in the process.
Call it natural selection.
That may be true however due to the extreme lack of moderation on userscripts.org something should be done to help, I’m not going to try justify attempting to bypass facebooks security measures but it has to be said that two wrongs don’t make a right.
There are a large number of scripts on the sight targeting users of such websites in order to exploit them for me its all about the quality, if I was the administrator of the website I would re-write it from the ground up to be more user friendly and avoid such instances.
If its too good to be true…
Maybe whats needed is a community response ironically a userscript itself which will filter results, block known bad guys and clean up the sites frontpage, etc. The blocking part could be pretty simple and adapted from one of the many google search result filter scripts hosted on the site, a maintained blocklist would be sweet.
Its usually pretty easy to tell which scripts are bad and which aren’t but there are also some that need to be rated more correctly.
There is a script like that but I hasn’t been updated since 2008.
http://userscripts.org/scripts/review/12552
I used to fight against this crap by posting counter reviews, but it was difficult and I kind of lost interest.
I wish it were not true but this is really something that has just been waiting to happen. An bunch of scripts uploaded with no oversight as to what they do then users download them and run them with chrome privileges? Madness.
then i look at todays date
Common sense is not so common .