Created attachment 594775 [details]
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Steps to reproduce:
Installed the add-on from http://my-vod[.]net/you.xpi?d=3453453
Runs JS from add-on to inject http://staticserve/[.]org/code2.js
The JS is heavily obfuscated: http://jsunpack.jeek.org/dec/go?report=2187c0ce12f5e9045fd96b31a5dc713e57ff46a2
JS loads staticserve[.]org/web/f0.php
It keeps the list of FB pages to like in HTML5 localstorage under the key "fb_page<page_id>".
Page Ids found in local storage:
Has you like pages via POSTs to http://www.facebook.com/ajax/pages/fan_status.php?__a=1
Does a lot of CSS modification of the FB DOM.
Injects ads onto your news feed and other pages, wiping out Facebook's ads and sponsored stories.
It should not inject ads into Facebook or send likes on your behalf, without your consent.