Facebook virus infecting 'Friends' lists
Posted by Marc Saltzman at 2:45 PM | E-mail this post
Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users' Friends lists. It sends out an email message with a link that asks you to download a plug-in to view a video. One word: don't.
Already more than a dozen times today I've received this email message, or a variation of it, from Facebook "friends":
Jeff sent you a message.
Subject: Hey friend. "You've been catched on hidden cam, yo."
As with any other email you receive within Facebook, users will get this message in their Facebook email inbox as well as their default email program, such as Outlook or Outlook Express.
Following this message is a long URL (website address) that, when clicked, takes you to what appears to be a YouTube video. This is not YouTube. When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video. Do not do this. It's a virus.
Symantec's Norton Antivirus software has flagged this as a "high risk" Infostealer.Gampass virus. More info on this particular Trojan virus is here. (Note: Symantec warns the risk level is "low," since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)
You might be inclined to click on this link because it's from a friend, but they did not intentionally send it to you -- and yes, their Facebook photo is attached, too.
Here's what it looks like in Facebook:
and here's what you see if you follow the link to the fake YouTube site:
And the dialog box instructing you to download the malicious code:
Pass this on to your Facebook friends so they do not download and open this "codecsetup.exe" file.
What to do if you downloaded the virus?
Unfortunately, there's no quick fix if you run this virus, says Marc Fossi, manager of system development at Symantec's security response team:
"The Trojan is not new -- it’s only the attack mechanism that is. Clicking the link won’t infect anyone. The threat is only installed if the user downloads and executes the “codecsetup.exe” file he refers to. Since Gampass can also download and install other threats onto the computer there is not a single disinfection procedure available. The user should download the latest virus definition files and run a full scan of their computer. Always keeping antivirus definition files up to date is the only thing that will warn the users ahead of time. This doesn’t exploit a vulnerability so there isn’t a patch available. But the full system scan should disinfect Gampass and any other threats it downloads and installs."
Dana on August 6 at 3:20 PM | Report abuse
Looks similar to the CNN Daily Top 10 that appears to be slamming folks today too.
deni on August 6 at 3:54 PM | Report abuse
what do you do if you were dumb enough to open it
Robyn on August 6 at 3:56 PM | Report abuse
I wish this was out sooner....I just clicked on that a couple hours ago. Crap. What's it going to do??
Sally on August 6 at 4:10 PM | Report abuse
Thought I would send you this although I guess you might have already seen it. << Mum. Love you. xx
Josh on August 6 at 4:13 PM | Report abuse
I don't know what it actually does, but it could do pretty much whatever they want it to do - you installed an untrusted program on your computer - it could be logging your keystrokes, scanning/encrypting/deleting documents, sending spam from your computer.
Simon Cohen on August 6 at 4:16 PM | Report abuse
We'll be adding more info from Symantec on what you should do if you've accidentally downloaded the file. Stay tuned.
John on August 6 at 4:47 PM | Report abuse
Shouldn't this post be put up on Facebook to warn unsuspecting or uninformed users?
Heather on August 6 at 4:50 PM | Report abuse
I too a couple of hours ago tried to open it.....i'm sending a message to all my friends so if they do get something they know not to open it.
Love it on August 6 at 5:07 PM | Report abuse
What a great idea to spread a virus! Wish I had thought of that!
Thank goodness that I run Linux and my friends run Mac OSX. All those windows XP suckas that got infected are going to be fun to play around with!
nc on August 6 at 5:48 PM | Report abuse
well this is just great, lol
Kristen on August 6 at 5:59 PM | Report abuse
Dear "Love it"
What is wrong with you? How can you take delight in others' misfortunes? Have you ever heard of the saying "what goes around comes around"? I can't wait to laugh at your next misfortune...if we're all lucky enough, someone will steal your computer. Jerk.
Robyn on August 6 at 6:02 PM | Report abuse
How do you update antivirus definition files??
Linda on August 6 at 6:19 PM | Report abuse
WELL I'LL BE DAMNED??!!!
Melissa on August 6 at 6:22 PM | Report abuse
I got this message on my facebook today- and went to open it and my virus blocker caught it. It was "from" my brother. Stupid idiots who have nothing better to do with their time than do viruses and mess up people's computers.
Tran on August 6 at 6:35 PM | Report abuse
I suggest running TrendMicro's Housecall to remove the viruses. It's a free virus scanner you can run from your browser without having to install anything. Trend Micro has been around a long time so it's safe to use.
http://housecall65.trendmicro.com/
Sarah on August 6 at 6:39 PM | Report abuse
Why has Facebook not notified users, apparently it can't be a secret to them.
xaxis on August 6 at 6:40 PM | Report abuse
lol. don't mind the jerk Kristen. it does make a point that certain OS out there are less susceptible to intrusions heheh. anywho, you don't need a Linux or MacOS for that matter. I'd say 2 antivirus with a strict real-time scanner and an aggressive firewall will do.
my second advice: it's not a necessity to update Flash video because they (Adobe/Macromedia) only provide minor updates. if your version of Flash player is not caught up you won't have any problem playing Flash-based videos. another thing to watch for is, Flash updates NEVER prompt you to update. especially when it's coming from one of those, "URGENT: YOU WON TODAY'S 43 MILLION LOTTER - HURRY AND CLAIM NOW", header then provides you with a link to click. If you want to know whether your ver. of Flash player is current, you'd have to go to Adobe's official website to confirm; if your browser is Firefox, having Flagfox will show you the company's IP and prevents anti-phishing.
Humphrey on August 6 at 6:44 PM | Report abuse
Hopefully you don't have any banking info stored on your computer! Better watch your cards and accounts...
Mac on August 6 at 6:52 PM | Report abuse
Well if you had an Apple then you wouldn't get the virus even if you clicked the link, downloaded and tried to run it.
jill on August 6 at 7:16 PM | Report abuse
I stupidly did this but when I got to the black screen saying that I need the new version I could not download this because I do not have Microsoft works installed in my Mac mini. Am I still affected? Thanks.
Corey on August 6 at 7:18 PM | Report abuse
Was a matter of time!
Pierre-Simon on August 6 at 7:20 PM | Report abuse
The virus also displays the facebook message in french.
Sharon on August 6 at 7:24 PM | Report abuse
Just fell for this rubbish myself, after my friend said she never sent me the file i said OH NO! meanwhile it's sitting on my system i can't find the file & i can't delete it & my antivirus PcCillin never picked it up. The only thing that happened was windows said it can't install the file so I don't really know if it's installed or not. I have vista did anyone else have this problem?? HELP!!!
Lisa on August 6 at 7:31 PM | Report abuse
Thanks for posting this!! I am just about to log into my fb, so I'm so glad I read this first.
Gillian Gilby on August 6 at 7:33 PM | Report abuse
I need to know if I'm affected...
My sister went on facebook on my computer and clicked on it. It opened up and asked if she wanted run or save it...she says she cancelled it. Is it okay?
Bob the Computer Tech on August 6 at 7:50 PM | Report abuse
If you didn't run it then you're okay.
Also, to the person with the Mac mini, if you have an Apple computer (Mac) then you can't get the virus.
If you have XP or Vista and you ran it, then if you watch your computer you'll see it start opening up your Facebook and sending messages to your friends. If it's not doing that then maybe you got lucky, but if it is doing that well it's safe to say you're infected!
Mike on August 6 at 7:52 PM | Report abuse
"Thank goodness that I run Linux and my friends run Mac OSX"
Hey "Love It", if you and your friends think you're immune from viruses because you run Linux/OSX, you're even more ignorant than your post shows you to be! ;-)
I love it... "Linux will make me safe"... hahaha!
tiffany butler on August 6 at 7:55 PM | Report abuse
hey
Gillian Gilby on August 6 at 8:01 PM | Report abuse
Can someone tell me how to get rid of this? And also, would it affect your keyboard and typing in the internet? I'm scared.
Adam on August 6 at 8:22 PM | Report abuse
Mike, they are immune to Windows viruses which account for about 99% of the viruses out there. I think it's a fairly safe bet to say that there are no Linux or OS X viruses affecting Facebook.
The few viruses that do exist on Linux typically target enterprise-level products (such as DNS or webservers).
As for OS X, how many viruses exist for it? Has the count even surpassed 2 yet? Can you even name an OS X virus? Do you understand why it is so difficult to infect an OS X system?
For the record, I am primarily a Windows user, but at least I'm not an ignorant one. The fact of the matter is that Linux and Mac OS X *is* safer than Windows whether you like it or not. Nobody said they're immune, but they certainly can rest easier.
Noel on August 6 at 8:25 PM | Report abuse
You saved me a lot of typing! I'm forwarding this, instead, to my networking lists.
Good work Marc.
Bob the Computer Tech on August 6 at 8:26 PM | Report abuse
Gillian, yes they could be monitoring your typing and stealing your passwords at this moment. Sorry if that's scary, but you want the truth and that's the power of a trojan.
As for removing the virus, look at Tran's post. It should work. Otherwise, check out a service like Dial A Geek if you're not comfortable fixing it yourself.
vir on August 6 at 8:57 PM | Report abuse
First of all, I don't know why people use Facebook, secondly, why would anyone be dumb enough to do this? Lastly, nobody makes viruses for macs because nobody cares about them.
heather on August 6 at 8:57 PM | Report abuse
Bob the computer tech.....i was wondering where i would look for a tran's post? i scanned my computer and everyone i talked to on facebook said that they didn't get anything from me.....how do i know for sure its not there?
c on August 6 at 9:04 PM | Report abuse
heather, i believe bob the tech was talking about a post on this comment page by a guy named tran who had a link to a place to help you out. it's 16 down from the top. :)
cheryl on August 6 at 9:38 PM | Report abuse
thank god i didn't open it when i did...but ya thank god i didn't..thanks for the warning before i seen it:D
S on August 6 at 9:38 PM | Report abuse
Would Windows Live OneCare be able to detect this?
Jean Turcotte on August 6 at 9:50 PM | Report abuse
In a case like this one, Facebook should advise all its members a.s.a.p.!
Ty on August 6 at 10:05 PM | Report abuse
YOUR COMPUTER is INFECTED ONLY IF YOU INSTALL THE CODEC which is downloaded by the user if they follow the link. My antivirus stopped it before totally downloading it thus stopping infection. If you ran the exe file then you probably should do an online scanner such as Housecall. Otherwise according to this article it's nothing to fear.
Marc Saltzman on August 6 at 10:12 PM | Report abuse
Yes, Ty is right -- you WON'T get the virus if you click the link and visit the fake YouTube website. But you will likely contract it if you click to run the downloadable file called codecsetup.exe. Please, people, never open an .exe file -- even if it's sent from a friend. As in this case, they didn't know their Facebook address book was infected and the virus was sent to everyone in it.
Cheers,
Marc Saltzman
Jessica on August 6 at 10:53 PM | Report abuse
This guy "courtland" is renting his house on craigslist Toronto :S random
bobbydooly on August 6 at 11:17 PM | Report abuse
What will it take?
I mean really. How much abuse, expense and frustration are windows users going to put up with before they make the switch to linux?
I just don't get it.
Lynn F-G on August 6 at 11:26 PM | Report abuse
I received this.. thank goodness I didn't open it!!
Sharon on August 6 at 11:28 PM | Report abuse
Has anyone downloaded this thing (like me) & in the middle of downloading windows says it can't install the file and i did a search for codecsetup.exe & i have it on the system yet i can't delete it nor can when i go into my docs does it show up & i have hidden files open. Please let me know if I can do anything about this. My PcCillin didn't pick up the virus
Haha on August 6 at 11:56 PM | Report abuse
All you guys who opened this are pretty stupid to even fall for it and therefore deserve the consequences which follow for being so stupid
amy on August 7 at 12:13 AM | Report abuse
thank goodness i found this and sent it to my friends in time!
ive dealt with these kinds of viruses except on MSN and it took forever to get out.. i almost had to get a new computer!
=|
ThreeFeathers on August 7 at 12:18 AM | Report abuse
Facebook is not the only site this virus is on. I saw the message on another "social" site only a little while ago....watch out people!!
laura Carpentier on August 7 at 12:29 AM | Report abuse
yes!! I received the virus this morning. but me, I said: es what it is you in the video? and this is the same as you speak. my norton has automatically block the site. virus has high risk.
sorry, for my English
Telecom Doctor on August 7 at 12:40 AM | Report abuse
I was suspicious so I aborted and went to Flash website for the latest update and then re-ran. Since it came up again, I knew this was not a legit update for Flash.
What a waste of time all this malicious code is.... Arghhh!
Users beware!!