[Userscript.org] Script with bad intentions...

Discussion in 'other software & services' started by m00nbl00d, Jun 18, 2013.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I was looking through Userscripts, when I saw the following userscript -https://userscripts.org/scripts/show/168982

    The description as you see is:

    Mandatory use encryption connection https. Gets rid of almost every google tracking device. Disable the Google search rewrite, always showing and using the real, original, direct link URLs, also to prevent from using redirected pages

    But, if you look at the source code, it will actually do something in Facebook, not Google, at all.

    -https://userscripts.org/scripts/review/168982

    My JavaScript skills aren't that great, so I don't understand everything, but I wonder if the author is in the hope of fooling the unaware user for some bad action on Facebook accounts?
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    One thing is clear: the description has nothing to do with the source code, so this is reason enough to keep away from it.

    I don't have the JS skills to analyse it, but googling for a phrase inside the source code ("Auto Suggest by Eran") will show you a lot of clones of that script.
     
  3. clubhouse

    clubhouse Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    180
    Userscripts.org Scam Filter 5.207 flags it as a suspected scam.





    -https://userscripts.org/scripts/show/163038
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I used http://jsunpack.jeek.org to analyise it, & amongst Lots of other stuff, found these strings.

    *

    suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

    hidden|password|search

    googlesyndication.com

    "facebook_like"&&e!="twitter_tweet"

    navigator.systemLanguage=zh-cn

    *

    Chinese ? PW ? etc ! I'm no JS expert either, but "suspicious" appears to be correct. Apart from anything else, it sounds like it "could" be a Click Fraud due to the GS ?

    How many people would/Will get caught out with this ? Quite a Large number i guess !
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    A new review agrees and confirms our suspicions. How does Userscripts.org review new scripts anyways?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I think the users themselves appear to be the ones reviewing the scripts. :doubt:

    Someone is claiming that a button to report as scam/malicious is needed at the scripts page. -https://userscripts.org/topics/704?page=8 (one of the last comments)
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Shouldn't have used the same word, I meant Userscripts.org's vetting process. Surprisingly, the script is still up, do they even listen to their own users?
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I understood your question. I took a look at the website yesterday, and couldn't find anything related to any vetting process. It does seem that the only way to know whether some script may be malicious is for someone with some knowledge/applies some logic to spot it. That seems to be it. :thumbd:

    Maybe the Userscript founders thought that because users can see the scripts code, everyone can analyse them and known whether or not they're malicious. If true, it's a crazy way of looking at things. o_O o_O
     
Loading...
Thread Status:
Not open for further replies.