ALERT: New Facebook Revolving Images Scam Spreading

A new scam is spreading through Facebook via the use of small javascript code snippets which users are enticed to enter in order to reveal a “Facebook revolving images” feature.

  For those interested in how the exploit works, it’s relatively straight forward. The user is promised a “revolving images” feature as pictured below. All they need to do is copy and paste a piece of javascript into their browser. While they do receive random revolving images of their friends, in the background the script goes to find their “Email Upload Address”.

Right now the scam appears to be spreading via the following sites:

• http://revolvingimages.info/fb/
• http://kewlpics.tk/
• http://itsmajic.tk/

While the damage is currently limited, Aditya Punjani, a developer, sent us the following code which illustrates how the new exploit can produce greater damage. While this scam doesn’t appear to be generating any massive damage, limiting updates to users’ statuses, this could evolve into a bigger scam over time. We’ll be interested to see how this evolves.
Make sure not to click any of the links which offer the “Facebook revolving images” feature!