There is a very good reason to be wary of emails that come from Facebook, especially the ones that ask you to add an application. In fact, it’s poor email use to log into a website after clicking a link inside an email (which is exactly what Facebook trains people to do every time it sends out a message).
Yesterday I noticed a spike of visitors looking for information on a “facebook virus”. Since I wrote about the last one I noticed, they found my blog. I’d certainly recommend my information over the details provided by CP/CTV about the latest trojan that uses a Facebook friend’s list to find new victims.
Can. Press describes the virus “that can infect users’ `friends’ lists [sic].”
It doesn’t infect the friends’ lists, it uses the list as an address book with which to spread to a targeted audience. The “lists” can’t be infected, unless the virus were to modify the list in some way so that people who befriended a user with an “infected” friend’s list (account) would automatically infect the new friend.
“The virus sends out an email message from `friends’ lists and asks users to download a plug-in to watch a video.”
That’s one fairly standard method of becoming infected with a trojan horse.
“Tech expert Marc Saltzman says the plug-in, which purports to be a new Flash player, is actually a virus.”
Indeed it is.
Saltzman says Facebook users might click on the download link because the email message appears to be from a friend, whose Facebook photo is attached. ”
Oldest trick in the email virus book; Pretend the message was sent from a friend, and it’s more likely to be opened than if it comes from a strange name.
Unfortunately, the latest version of this virus can be used by an attacker to upload other viruses onto a compromised machine, so if you’ve become infected with this so called Facebook virus, the only complete fix that guarantees a secure system is to back up your data, and format the hard drive(s) to install from scratch. Antivirus software run from a live CD will clean most or all of it up though. I’d recommend the UBCD for doing that scan and cleanup.
@hotmail.com
![[EFC Blue Ribbon - Free Speech Online]](http://www.efc.ca/images/efcfreet.gif)
huffb1 | 07-Aug-08 at 6:05 pm | Permalink
A perfect way to know its fake is to have it set so no emails come from facebook. just change the settings.
Roshan | 07-Aug-08 at 8:53 pm | Permalink
That’s a good suggestion. As a person who has had more than his share of viruses & spammers, I can sympathize with anyone who has been ‘duped’ by a Facebook invitation.
Saskboy | 08-Aug-08 at 2:17 pm | Permalink
Huffb1, that would work only for identifying the emails that are phishing Facebook users (emails that don’t come from Facebook’s notification system). Whereas an application in facebook that can use a friend’s list to send out invitations to download the virus, would appear to be a Facebook approved message and would show in the Facebook inbox when loggin in, or application invitation list on the Facebook home page.
huffb1 | 08-Aug-08 at 5:14 pm | Permalink
Ok, So this is not something thats emailed to you. Its a message within Facebooks inbox. I can now how this would be tricky to catch.
Lisa | 25-Aug-08 at 6:55 am | Permalink
Just so you all know…this awful virus is still out there…as of August 24th. It was in my Facebook “Inbox”, and said that it was from my friend (with her picture) and asked me to look at a video. It asks you to click on an update to upload the video, and Gotcha! it gets you. Then, it sent the same thing to all of my friends (saying it was from ME!). I was appalled, and closed my Facebook account. I don’t know if that actually does anything, but I was both angry with Facebook for not getting rid of this thing (if it has been a problem for Facebook for the past month, I would think that they would’ve figured-out how to protect their members by now!), and to protect my friends from any further undue problems.
My Macafee scan didn’t fix the problem (when I try to pull up a website thru Google, it redirects me to different sites), but I was able to catch the virus through Malwarebytes’ Anti-Malware scan, and hopefully eliminated the problem.
What do you think?
Saskboy | 25-Aug-08 at 10:02 am | Permalink
Sorry to hear that Lisa. Closing your Facebook account won’t save your friends now, since they’ll already have the virus message from the moment your computer was infected. Facebook could possibly scan the links posted to the site for malware, but the added strain on their servers could possibly shut the site down or make it much more costly to run. Generally it’s up to users to educate themselves, as you have the hard way.
I haven’t heard of Malwarebytes, but if it says it works that’s a good sign. Continue your scans with Spybot S&D and Adaware and possibly Trend’s Housecall on the web, and if they say you’re fine, and the computer is working normally you may have dodged having to reinstall your Operating System.
chal | 26-Aug-08 at 4:20 am | Permalink
Unfortunately i got this virus yesterday the file was fbrte9.exe that was eventually picked up by AVG, however the symptoms have persisted with google pop up or redirects and just a slow computer. Not good, not good.
Saskboy | 26-Aug-08 at 8:03 am | Permalink
Chal, it could be that AVG didn’t find all of the virus files. It’s common for viruses to pick random names so no one else will get “rbrte9.exe”, and many attempt to install rootkits and other viruses, so that you have to run scans from Live CDs to have a good chance of disinfection.
Try the UBCD for a scan.
Charlie | 26-Aug-08 at 8:56 am | Permalink
I also got this virus after receiving a link from a friend to a youtube video. I managed to get rid of it before too many people on my friends list were affected and sent emails to everyone warning them. As a result Facebook has closed my account for Spamming and despite several emails to their support team nothing has happened.
With regards to doing something Fqacebook have claimed they have traced the link and shut down the sites and apparrently by disabling the accounts of those affected the issue is minimised. However other than trusting an email seeming sent from a friend I am still being penalised and have no idea if or when my account will be reactivated. Consequently I risk losing touch with a lot of people who I only have contact with through Facebook.
Saskboy | 26-Aug-08 at 10:10 am | Permalink
That highlights the importance of getting people’s email addresses and/or phone numbers, and not relying on Facebook since they can ban anyone at will, unlike the Internet (in its current form).
chal | 26-Aug-08 at 3:10 pm | Permalink
Thanks, think i’ll have to reformat to be sure with this one.
I have installed AVAST which detects the google redirect as a trojan.
heather | 13-Sep-08 at 11:16 am | Permalink
Sorry i still don’t know if i have the viris sorry about the spelling. please let me know how to tell if i do have it.
Saskboy | 13-Sep-08 at 3:13 pm | Permalink
Hi Heather,
To check you’ll want to have antivirus software. There is software for free from AVG here:
http://free.avg.com/
Or you can try Housecall which runs from the Internet
http://housecall.trendmicro.com/
If neither installs or works, it’s likely you have a virus and should either take it to a repair shop (usually $85 or up), or backup your data onto DVD and use your system recovery discs (you may need to make them first) to wipe your computer clean back to factory settings.
OldWolf | 17-Sep-08 at 10:44 am | Permalink
My first experience with this sort of malware distribution via Facebook, I’m ashamed to say I clicked the download option – fortunately AVG caught the virus for me. It’s a wonder.
parallaxbeauty | 21-Sep-08 at 4:27 pm | Permalink
I was lucky in that the only times I’ve gotten these sent to me were:
1) By people on my friends list that I know through school, but never hear from. If it’s very strange to be hearing from this person, then chances are it could be a virus! I had people sending me stuff that I hadn’t talked to in about 2 years!
2) One of the emails I got was from a girl I go to school with; the email said “Nice Ass, but why would you ever put it on the internet?” This girl is one of those people who I know would NEVER say “Ass,” so it’s pretty obvious there was something fishy there.
So basically, use common sense- if you know the person well and know that they are a grammar freak and the message from them is in very poor grammar, then don’t click on the link. If it’s someone you haven’t talked to in a long time, use caution. If it’s mass mailed to many people, be careful. And finally, if you’re unsure, ask the person. Better safe than sorry!