Innobuzz Spamming out Orkut

Innobuzz (Innobuzz Knowledge Solutions) is a giving training on Ethical hacking and various other fields. They found a unethical and stupid way of advertising, spamming orkut users. The actual spam scrap contains the following message.

The spam message contains a java script, and message tells the user to copy and paste the script in address bar and press “ENTER” button. Once the user did this the script will download andother script “scr.js“. And also the spam scrap contains nice title “Orkut Rank“, this title lets all user to execute the script.

Once “scr.js” script is executed, it will display an advertisement titled “Innobuzz Knowledge Solutions – Newsletter – SQL Injection”, describes about SQL Injection technique. And also an advertisement for Innobuzz’s next course.

Next the “scr.js” is doing the nastiest thing, scraping the spam message to all the contacts found in your orkut profile. Let’s have look into “scr.js”. This “Scr.js” having separate functions for collecting friends list, sending scrap, sending scrp to all contacts in your profile. Lets see the code,

For Collecting all Contacts in your Profile:

var xml = createXMLHttpRequest();
xml.open(“GET”, “/Compose.aspx”, true);

For Sending Scrap:

xml.open(“POST”, “/Scrapbook.aspx”, true);
xml.setRequestHeader(“Content-Type”, “application/x-www-form-urlencoded;”);
xml.send(send);

My Dear Innobuzz there is lot of way to advertise. You are saying that you are conducting course on “Ethical Hacking” and why you are following Unethical way.

Update: Got Reply from Innobuzz .. “Finally, google has closed the website and the script (love4mycommunities.googlepages.com/scr.js)” .