The Facebook scam "101 hottest women" and why you clicked it
Have you seen any of your Facebook friends clicking something like this lately?
Hmm... maybe not something you wanna show off to your friends. But how come?
It comes in various sizes and colors: Chinese videos that make you fall asleep (you MUST see it!), cutest pets, whatever. But what is it, and what do the people behind this want?
Since this one seems to be pretty common, and it's currently working in a lot of different versions, I wanted to look through it a little!
0. What is it?
Basically, some people want to fool you into filling out a survey, to see some old crappy content. The content is usually not even theirs.
The scam doesn't seem to attempt to steal anything from you. PLEASE LOOK THIS UP, PEOPLE WITH THE RIGHT KNOWLEDGE.
Btw that porn-site you were looking for is here: http://www.maxim.com/girls/girls-of-maxim/92660/2010-hot-100.html
Here's what happens!
1. The moving "like button"
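Wonder when you ever clicked "Like" on that link? You thought you just clicked the normal link? No, you clicked the "Like" button, which follows your mouse around using JavaScript:

    // Excerpt from the scam page. aaaa is the element being moved (the "Like"
    // button, per the text above); standardbody and xxx are defined elsewhere
    // in the page's script.
    function lololol(e) {
        if (window.event) {
            // for IE: coordinates are viewport-relative, so add the scroll offset
            aaaa.style.top = (window.event.y - 5) + standardbody.scrollTop + 'px';
            aaaa.style.left = (window.event.x - 5) + standardbody.scrollLeft + 'px';
        } else {
            // other browsers: pageX/pageY already include the scroll offset
            aaaa.style.top = (e.pageY - 5) + 'px';
            aaaa.style.left = (e.pageX - 5) + 'px';
        }
    }

    // On every mouse move, re-position the element under the cursor
    // until xxx is set (see the redirect code).
    document.onmousemove = function(e) {
        if (xxx == 0) { lololol(e); }
    }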
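That keeps the button under your cursor wherever you move. Once the button has focus (meaning you clicked it), the page stops the tracking and redirects you:

    // Excerpt from the scam page; interval is the timer that calls this function.
    function updateActiveElement() {
        // The element with id "xxx" only gets focus when it has been clicked
        if ($(document.activeElement).attr('id') == "xxx") {
            clearInterval(interval);   // stop polling
            xxx = 1;                   // stop the button from following the mouse
            window.location = "gallery.html";
        }
    }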
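A defender's view of the pattern above, as an added example that is not from the original post or from the scam's files: a small static check that flags page script which makes an element follow the cursor and then redirects once that element gains focus. The rule ids, the verdict strings and both sample scripts are constructed for illustration.

```javascript
// Added example: static heuristic for the cursor-following "Like" button pattern.
// Rule ids and verdict strings are hypothetical; both samples are constructed.
const RULES = [
  { id: "mousemove-handler",
    re: /\bonmousemove\s*=|addEventListener\(\s*['"]mousemove['"]/ },
  { id: "element-tracks-cursor",
    re: /\.style\.(?:top|left)\s*=[^;\n]*\b(?:pageX|pageY|clientX|clientY|event\.x|event\.y)\b/ },
  { id: "focus-polling", re: /\bdocument\.activeElement\b/ },
  { id: "redirect", re: /\b(?:window\.|document\.)?location(?:\.href)?\s*=(?!=)/ },
];

// Return every rule hit with its 1-based line number, so an analyst can jump to it.
function scanScript(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) hits.push({ rule: rule.id, line: i + 1 });
    }
  });
  return hits;
}

// A tooltip also follows the mouse, so cursor tracking alone only earns "review";
// tracking plus focus polling plus a redirect is the shape described in this post.
function classify(source) {
  const seen = new Set(scanScript(source).map((h) => h.rule));
  const tracks = seen.has("mousemove-handler") && seen.has("element-tracks-cursor");
  const lure = seen.has("focus-polling") && seen.has("redirect");
  if (tracks && lure) return "likely-clickjack";
  return tracks ? "review" : "clean";
}

const SCAM_SAMPLE = [
  "function follow(e){",
  "  btn.style.top = (e.pageY-5)+'px';",
  "  btn.style.left = (e.pageX-5)+'px';",
  "}",
  "document.onmousemove = function(e) { if (done == 0) { follow(e); } }",
  "function poll(){",
  "  if (document.activeElement.id == 'btn') { done = 1; window.location = 'gallery.html'; }",
  "}",
].join("\n");

const TOOLTIP_SAMPLE = [
  "document.addEventListener('mousemove', function (e) {",
  "  tip.style.left = (e.pageX + 12) + 'px';",
  "});",
].join("\n");
console.log(classify(SCAM_SAMPLE), classify(TOOLTIP_SAMPLE));
```

The check is a triage aid for page source you have already saved; obfuscated or dynamically generated script will not match these patterns.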
2. The "tamper-proof" survey page
The survey page is just an iframe with the link above, but there's some interesting JavaScript going on. It checks the following things:
- That you haven't got an adblocker
- If you're using Mozilla Firebug or another JavaScript console
- If you're moving around the elements using this console or a CSS editor
3. WTF is "surveys for charity?"
It's a website set up by CPA Lead (the company behind this). CPA Lead doesn't seem to be a serious company in any way. Registrar info for "surveys for charity" (from whois.domaintools.com):
Domain Name:SURVEYSFORCHARITY.ORG
Created On:22-Jan-2010 20:19:29 UTC
Last Updated On:24-Mar-2010 03:48:04 UTC
Expiration Date:22-Jan-2012 20:19:29 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR40825751
Registrant Name:CPAlead LLC
Registrant Organization:CPAlead.com
Registrant Street1:6845 Escondido Street
Registrant Street2:#107
Registrant Street3:
Registrant City:Las Vegas
Registrant State/Province:Nevada
Registrant Postal Code:89119
Registrant Country:US
Registrant Phone:+1.8669964666
Registrant Phone Ext.:
Registrant FAX:+1.2629224231
Registrant FAX Ext.:
Registrant Email:
4. Why the fuck are they doing this?
I don't know if there is any money in this. The company, CPA Lead, has at least fooled some people into believing that they can make money by serving up other people's websites through a CPA Lead script. How much CPA themselves get from this, I don't know... Seems like they only wanna waste your time. By spreading it through Facebook, using your friends as referrals, they can quickly get a lot of clicks. It's hard to find any information on how much each of these surveys pays, but it seems to be a couple of dollars, or some cents.
The site 101hottestwomen.com is registered using a name protection service. That seems to be the case with these kinds of things.
All the files I've found can be downloaded from: karlwestin.dienstleistungen.ws/scam_decon.zip