Update: Facebook responds to malware attacks.
Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.
The worm spreads when a compromised user’s account is used to send a message to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.
A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.
Screen shots below.













if you are stupid enough to click links like that you deserve anything that happens to you.
If you don’t click the links in the e-mails you would probably be preventing problems.
http://blabtech.blogspot.com
@Andrew - I think you’re going too far. It does amaze me that people still fall for this sort of thing, but the majority of computer users are non-techies and don’t follow computer threat discussions.
Agree with Burak - most people are dumb as a rock when it comes to these things. Social engineering and other less advanced methods work like a charm with most of the users.
I received the trojan worm virus - 5 of them on 1 machine - 1 on two others - all networked - I didn’t receive the one about a video link - mine came in the form of my antivirus for xp needing to be updated - a persistent, very quick, box kept popping up on my screen and when you x’d out of it it would start downloading - so not all of us are stupid and don’t deserve it - it’s coming from Facebook’s Apps - that’s the only time the ads would pop up - not when I went into Facebook - but when I went to use one of my apps from them
Hi my pc had this one and my room mates clicked it and now it just turns on and off what did you do to get rid of it?
ty Mikie
that pop up you had was fake, its designed to look like a windows problem pop up, dont fall for it, if you download it can be a huge hassle to remove, according to my brother i helped him get rid of it
I have been having this pop up for a while now. I hadn’t renewed my McAfee virus protection and I just thought it had to do with that. I am one of those thousands of people who use the computer for work and/or entertainment. Every time I open my computer I have this rectangle in the lower right corner that pops up, but it goes away in less than a minute. It had a red stop sign and just that someone has been trying to change my defaults. I have used the (x) so many times. Now my computer is freaking out on me. My screen just goes funny. I didn’t realize that something like this would just pop up on my computer. YIKES! I always thought you had to open an email to get a virus, or click on a link to download it. wow!
now how do I get my last name off of here?
Michelle, I’m having the same thing happen to my computer right now. How did you get rid of the virus?
Ohhh…and hope you don’t get it - because my bf is an IT tech - it took over 3 hours - and a lot of swearing to get rid of it - our usual antivirus protection did not find it - not even after the updates and the full scans - he had to download a much more intricate antivirus program to EVEN find the virus
chill out andrew, not everyone is as geeky as you pal.. not everyone knows everything there is to know about computers because not everyone is that bothered to be honest. Get a life and don’t bother commenting unless it’s worthwhile you patronising tosser.
Jen - You are my Hero!!!
jay
Hey Andrew,
Just because people clicked on the link doesn’t make them retards. What it makes of them is someone that doesn’t spend 24hrs a day in front of a computer trying to catch the next porn flick. They actually have a life and an actual person next to them when they sleep at night.
You must be one of those assholes with a “greater than gods!” complex, yet sit in front of the screen and wonder how it is people actually get laid in the world because you have never been so lucky (not counting the inflatable woman in your closet!).
So instead of telling people off why don’t you just shut your hole, get out and experience the sun for once in this millennium and try to shave off 100 pounds to “Sweating to the oldies!” you arrogant bastard!
For those who would like some help try doing a system restore to a previous date; then install Spy-Bot and Ad-Aware (lavasoft.com); do a scan; install Avast Antivirus (they have a free home edition) and that should help.
Derek J,
While I agree that Andrew didn’t need to call everyone a retard, your response of cutting him down and then saying he has a superiority complex is the pot calling the kettle black.
The last part of your e-mail was all you needed to include.
Nicely said. I recently got this virus through an email on facebook. Luckily they gave me back up discs when I bought my computer. I saved the files I wanted, then deleted and reinstalled my operating system and all of my software using these discs. Took a long time, but all is well now.
Derek is my hero!!
andrew lighten up you jerk not everybody is got big brain like you do
omfg.
this was on bebo too.
but the one on bebo was; youtube-x-files.com or sumfn like that
so i didnt dl it
whew.
If you are so f-ing narrow minded to call someone stupid rather than ignorant then, you must be God. Not everyone has the time nor the inclination to sit around and geek out with their PC. I was on FB to socialize with old friends. Not to be looking out for sinister d-heads, probably much like you with nothing better to do when they run out of lotion.
The problem with worms like this isn’t the person infected first, it’s usually with the people they infect, the extra traffic on the network they are on, and any other purpose their machine is put to. For every “stupid” person that gets one of these, 100 other people are inconvenienced, annoyed, or worse.
As for the actual declaration that people are stupid that get these, that is not always the case. They are often naive, or just uninformed. As an IT guy, I have never understood why some people think that people being uneducated about their computers makes them dumb.
Virus?, .exe files? that is so windows…
Switch now!
Right, but there is some essential software i use on win. I like Linux, Mac, unix really a lot, worked long times with Linux.
Johannes
http://success24.ws
Get out of your closet, Mac is the worst in security.
http://www.macworld.com/articl...../hack.html
Hilarious … some guy was allowed to take over the whole machine, and he was able to hack into it? BRILLIANT! Er, you might want to read an article next time before posting a link to it.
i dont use facebook nor any social network sites
so i lol at those who got infected because of it
“Howdy, you’ve been catched on hidden cam, yo.”
I don’t know anyone that talks like that, which is why I’d never click on a link right next to that sentence.
So what can one do if they have blindly got infected - what’s the fix?
@Amit
wsup, 8nt u evr bin 2 MySpAcE?
Of course people will try to disrupt the social networking realm with viruses, it is all a perfect way of viral distribution much like their facebook apps…
We should create a new rule on the web: never ever enter your username password on a third party site and every website should have a personalization feature to allow users to authenticate the website before it enters its username and password.
Wouldn’t help in this case. Re-read the initial attack method - the attackers hack an existing facebook account, and use that to send out the message. At no point does anyone enter their own id and password. They just click on a link embedded in a message that /appears/ to be from a known friend.
“Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack.”
Right on… most users of social networking websites are incredibly naive. A LOT of the social networking websites depend on this naivete to grow in the first place.
Case in point - Flixster. The company had a slow user growth up until it started the practice of tricking users to enter their Yahoo/MSN username and passwords (WTF??) into a form upon which it Spams all the user’s friends asking them to join Flixster… with some faux personal message as if it was the user who sent the message themselves.
What happened? Flixster took off and now has a $150M valuation.
A lot of sites do that.
“A Google search on the words “flixster” and “spam” yields 121,000 page results[23]. However, this is actually a low number compared to that of other social networking sites: “MySpace spam” yields over 20 million [24], and “Bebo spam” displays 2.6 million”
-http://en.wikipedia.org/wiki/Flixster
I’m pretty sure facebook does it now also. I could be wrong however.
Yup, facebook does it too.
http://www.new.facebook.com/invite.php?ref=tn
Actually, facebook lets you remove users from the invitation list manually. However, the fact that people give away their login and passwords to a third party site is kind of creepy.
I think the beef with Flixster is the extent which they abuse this process. It is fine if you consciously let a social networking website spam your addressbook.
But from what I hear Flixster practiced REALLY deceptive methods (such as sending an email to your friend that they have a quiz from you, and in order to get to the answer, they’d have to enter their yahoo login or something like that) - which they will use to spam even more people.
http://www.theinternetpatrol.c.....dress-book
I also heard that Flixster holds on to your contacts and contacts them repeatedly - I don’t think they do that anymore though as there was a huge uproar when they did that last year - but they managed to get what they wanted, which was massive traffic to justify their valuation.
Facebook users are naive and you think you know what a worm is. Bulls eye!
He He, I’ll never get it cause I Don’t have a facebook account.
Wow… Watch out, be careful…
I have had two of these in the last 2 days… be careful folks!
not sure what all the fuss is about - looks perfectly legit to me.
i mean, all my flash upgrades are hosted by vinozlomekvavra.cz
I’m surprised no one lol’d that. I will give the credit your joke deserves because that was some funny shit. Made me laugh out loud!
Omg i get mine there too, great key loggers eh?
i dont use facebook nor any social network sites
I’ve gotten 2 in the last 2 hours. Told the people to change their FB password, seems like that’s the least of their problems.
reason why facebook is not hot within japan..
how the f### do i fix my comp after opening the exe?
Only a few anti spam techniques have succeeded in the battle with spammers and one of them is Abaca’s ReceiverNet service. ReceiverNet characterizes each protected user based on the percentage of spam they receive and then uses those reputations to rate the incoming message flow. ReceiverNet is effective in protecting against existing and future spam techniques. For more information log on to http://abaca.com/.
Had it happen to a friend today. Not fun.
At least the largest European social network Netlog (http://www.netlog.com) has no problem with this kind of spam which Twitter and Facebook have to deal with.
It is the architecture of Facebook that allows this kind of things. Go for Netlog, it is way more secure and you don’t have the issues of all the annoying apps…a great answer to the Facebook-idiocracy!
Since you work at netlog, you are obviously biased.
http://en.netlog.com/viagrasofttabs <– spam on netlog.. (simple google search reveals tons more)
that’s no spam, it’s SEO lift. It’s different. Really.
CG
Since you work at netlog, you are obviously biased.
Just type netlog and via**a in google and you will see tons of spam on their site. They are not immune.
I use facebook but till I not get any message of this kind and if I will get any message of this kind I will ignore that.
Best solution is to go into your router settings and ban all spammy/malware filled domains, For example .pl .ws .crackhead .bs etc you get the point.
How do I fix it - my little sister clicked the link and now my pc is creating error messages every 2 seconds!
Because this IS a .exe file - it won’t affect my mac right?
ok, so i think the big question is… how do we fix this?!
I’m on a Mac so I’m protected against this stupid stuff. Even if it was a universal thing. Macs don’t suffer from the ability to have things auto installed like Windows computers.
Ugh. You’ve totally been indoctrinated to something that is untrue.
http://www.macworld.com/articl...../hack.html
You aren’t vulnerable to an .exe, but you ARE vulnerable. .exe’s get sent around because the market share is overwhelmingly using microsoft products. as apple’s market share grows, you can expect to become more and more vulnerable, and honestly it may be worse for you, as apple developers haven’t had to spend as much time developing/patching security. its akin to never having been sick, and then being flooded with viruses…..you just wont be able to stand up to it.
Hahaha, yeah. I really can’t wait for mac users to get slammed with viruses. They’re so smug in thinking they’re immune and that they’re some how better than anyone who uses windows. But it will happen, hell it’s already happening. Smug mac users just piss me off. Linux is the way to go.
Mmm, glad I switched to Linux
uhm, you have to run exe, you retards. It wouldn’t matter what platform you were using.
Christ, why can’t people apply common sense? If I have learned anything else from my forays on the web, it’s that executing executable files from any .ru, .cz, have a high potential to be bad files. You know, much like downloading that illegal ms office suite from a torrent site and not expecting it to be spiked with some potent bugs. I have a facebook account and I knew there was a reason my profile page is still pristine.
personally I’m a fan of the death penalty for first offense virus,hack or spam attempt
Really, it’s pretty sad that users would _see_ a popup about running an executable, and click ‘Save File’. I’ve forwarded this on to a bunch of my friends, just in case. It’s amazing what some folks will do, before thinking about it. :/
Please tell me you have at least *looked* at another platform. .EXE files don’t run on Mac or *nix systems (at least not with out a good deal of work).
He ofcourse means that no matter what platform, the user has to install the exe or dmg file.. It does not install automatically, not even on windows.
Call it dumb luck. I clicked on the site but the link didn’t work! So I went straight to adobe. Hey, if you verify your identity by giving your cell number, do you get cell spam? Thanks.
Don’t laugh but I’m a techy and I made the mistake of opening it, I should have known, but the girl that “sent” me it was one of my hot friends, and I know she’s kinky, so I was really expecting some hot film of her in her panties. So I just kept clicking on it, like an idiot
do you know how to get rid of this virus??
You guys that clicked on the link and installed the software are perfect potential candidates for Darwin awards. How many red flags does it take for you to “get” it?
hey there is a new virus going around facebook telling you to go to somesort of website its different everytime, the website, any it posts to all of your friends and then you cant delete the post that “you” wrote.. if anyone has any info on it id love to hear from someone…
Facebook fakers using the name and the app to spread worms.
One of my Facebook friends has a problem and doesn’t have Antivirus software nor does she have anyone to tell her how to fix this. Her facebook is sending a post to her friends wall that says this: YOU GOT A (CRUSH) ON YOU, CAN YOU GUESS WHO IT IS? YOU’LL BE SHOCKED, FIND OUT NOW! http://img299.imageshack.us/img299/8493/mcrlj0.swf
Any thoughts on what I can tell my techno-lacking friend on how to stop it from spreading further and also to get it off her machine - short of reformatting?
today I got this friend of mine send me a message:
“is that you making love???” then follow a link.
I click it, and before it’s too late, i’m virused!
any help?
I clicked on the link last night unwittingly because it looked real and normal. I unleashed on my computer and SPAM’ed my friends. Guess what, facebook revoked my account for SPAM’ing. This virus/malware/trojan horse sucks. I’ve had a facebook account for six years. As a less than savvy computer user and not a candidate for a Darwin award, I clicked on it unknowingly and lost my facebook account.
Hello Facebook victims to the virus that is going around. For users that aren’t confident in removing the virus by themselves, please visit Http://www.supportspace.com so that one of our Online Technical Experts can help you with the removal of the infostealer.gampass virus. Our experts are available for immediate connection. No wait time, please just click connect now once you are on Http://www.supportspace.com and then within 45 seconds you will be talking to one of our many unique experts.
Ryan Bell
The symptom is a very slow response time on all internet pages since the malware is communicating with a remote server all the time.
After a few safe years of internet surfing, I got careless enough to get myself infected a few days ago.
I used ActivePorts ( http://www.download.com/Active.....62969.html ) to identify the problem (I saw an unknown process with PID 0 connecting to an unfamiliar server through TCP).
I couldn’t fix it myself, so I installed some anti spyware programs like SpywareBlaster, SpywareTerminator, AVG, and AdAware, but none of them found it.
Then I installed Avast ( http://www.download.com/Avast-.....19223.html ).
2 minutes later I was clean.
Avast Rules!!!
why wont facebook let me back on? i opened the damn thing, fortunately the computer is ok, but how do i get facebook to let me on again?
if you don’t click the install flash player. but you do go to the “youtube” page. are u still infected???
no
OK, so I saw a strange looking Add-In in my Internet Explorer browser.
Navigation: Tools > Internet Options > Programs > Manage Add-Ons…
“690974 Class”
I then did a google search on this and found that it was responsible for the redirect issue I was having. This thread gave me the exact instructions to remove my problem. http://www.daniweb.com/forums/post679791.html
It tells you to use HiJackThis to remove certain files but I simply went and deleted the following:
Close out of all Internet Explorer browsers and delete the following folder: C:\WINDOWS\system32\690974
Then deleted this registry entry:
O2 - BHO: 690974 helper - {3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313} - C:\WINDOWS\system32\690974\690974.dll
I also deleted other registry keys that had references to the “690974 Class” file path by doing a find on it. Just be careful what you delete in your registry.
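A read-only triage of the same kind of entry, as an added example that is not part of the comment above: it parses HijackThis `O2 - BHO` lines and lists the ones worth a closer look before anything is deleted. The heuristics are assumptions for illustration, and every sample line except the `690974` entry quoted in the comment is constructed.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# HijackThis O2 line: O2 - BHO: <name> - {<CLSID>} - <dll path>[ (file missing)]
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?\s*$"
)

class Bho(NamedTuple):
    name: str
    clsid: str
    path: PureWindowsPath
    file_missing: bool

def parse_o2(line: str) -> Optional[Bho]:
    """Return the BHO described by one log line, or None for any other line."""
    m = O2_LINE.match(line.strip())
    if m is None:
        return None
    return Bho(m["name"], m["clsid"].upper(), PureWindowsPath(m["path"]),
               m["missing"] is not None)

def review_reasons(bho: Bho) -> list:
    """Triage hints (assumed heuristics, not verdicts) for one BHO entry."""
    reasons = []
    folder = bho.path.parent.name
    in_system32 = "system32" in (p.lower() for p in bho.path.parts[:-1])
    if in_system32 and folder.isdigit():
        reasons.append("DLL is in an all-digit folder under system32")
    if bho.path.stem.isdigit():
        reasons.append("DLL file name is all digits")
    if bho.file_missing:
        reasons.append("registered DLL no longer exists on disk")
    return reasons

def flag_bhos(log_text: str) -> list:
    """Return (Bho, reasons) pairs for every O2 entry with at least one hint."""
    flagged = []
    for line in log_text.splitlines():
        bho = parse_o2(line)
        if bho is None:
            continue  # not an O2 line (R1, O4, blank, ...)
        reasons = review_reasons(bho)
        if reasons:
            flagged.append((bho, reasons))
    return flagged

# Constructed sample log; only the 690974 line comes from the comment above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\ReaderHelper.dll
O2 - BHO: 690974 helper - {3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313} - C:\WINDOWS\system32\690974\690974.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\old.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for bho, reasons in flag_bhos(SAMPLE_LOG):
        print(f"{bho.clsid}  {bho.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

The script only reads a saved log and changes nothing on the machine, so its output can be checked against the Manage Add-Ons list before any folder or registry key is touched.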
I was one of the idiots who got one of those youtube links and clicked on ‘codecsetup.exe’. Not one of my proudest moments fo shiz… but I downloaded Avast anti-virus and ran a thorough scan… and, so far, it appears its cleaned the virus off my computer.
http://www.download.com/Avast-.....19223.html
Hope this works for you.
I was also one of these “idiots” and clicked on the link. Slowed my laptop down and also when using Google opened up an unwanted window.
Now to all those who have asked how to sort this out and have been met by a barrage of insults by the “IT Crowd” try downloading and running a programme called Spybot from http://www.safer-networking.org
My technical support guy downloaded and ran this programme for me and all appears to be fine now.
Oh and to all you IT geeks, just because some of us don’t know the ins and outs of computing, doesn’t make us stupid, just obviously means we have far better things to do than spend our lifetime looking at a screen…
I am amazed at the pack mentality on these posts and how “elevated” above the rest of us non-IT folks you are. Must be nice to be so intelligent in all matters of the world while the rest of us wallow in our stupidity. Hooray that you are so well-versed in technology that will someday be outdated which allows the insults to fly. Technically knowledgeable, socially inept.
how nice for you Andrew, to be so smart, never make a mistake or be judgemental. you must be perfect in every way.