August 6, 2008 at 2:45 pm

Facebook virus infecting ‘Friends’ lists


Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users’ Friends lists and sends out an email message asking you to download a plug-in. One word: don’t.



Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users’ Friends lists. It sends out an email message with a link that asks you to download a plug-in to view a video. One word: don’t.

Already more than a dozen times today I’ve received this email message, or a variation of it, from Facebook "friends":

Jeff sent you a message.

Subject: Hey friend. "You’ve been catched on hidden cam, yo."

As with any other email you receive within Facebook, users will get this message in their Facebook email inbox as well as their default email program, such as Outlook or Outlook Express.

Following this message is a long URL (website address) that, when clicked, takes you to what appears to be a YouTube video. This is not YouTube. When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video. Do not do this. It’s a virus.

Symantec’s Norton Antivirus software has flagged this as a "high risk" Infostealer.Gampass virus. More info on this particular Trojan virus is here. (Note: Symantec warns the risk level is "low," since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it’s from a friend, but they did not intentionally send it to you — and yes, their Facebook photo is attached, too.

Here’s what it looks like in Facebook:

[Image: Virus_msg_facebook_2]

and here’s what you see if you follow the link to the fake YouTube site:

[Image: Virus_video_2]

And the dialog box instructing you to download the malicious code:

[Image: Virus_download]

Pass this on to your Facebook friends so they do not download and open this "codecsetup.exe" file.

What to do if you downloaded the virus?

Unfortunately, there’s no quick fix if you run this virus, says Marc Fossi, manager of system development at Symantec’s security response team:

"The Trojan is not new — it’s only the attack mechanism that is. Clicking the link won’t infect anyone. The threat is only installed if the user downloads and executes the “codecsetup.exe” file he refers to. Since Gampass can also download and install other threats onto the computer, there is not a single disinfection procedure available. The user should download the latest virus definition files and run a full scan of their computer. Always keeping antivirus definition files up to date is the only thing that will warn the users ahead of time. This doesn’t exploit a vulnerability so there isn’t a patch available. But the full system scan should disinfect Gampass and any other threats it downloads and installs."


Filed Under: Found on the Web




Comments (81)

  • Corey says:

    Was a matter of time!

  • Pierre-Simon says:

    The virus also displays the Facebook message in French.

  • Sharon says:

    Just fell for this rubbish myself, after my friend said she never sent me the file I said OH NO! Meanwhile it's sitting on my system, I can't find the file & I can't delete it & my antivirus PcCillin never picked it up. The only thing that happened was Windows said it can't install the file so I don't really know if it's installed or not. I have Vista, did anyone else have this problem?? HELP!!!

  • Lisa says:

    Thanks for posting this!! I am just about to log into my fb, so I'm so glad I read this first.

  • Gillian Gilby says:

    I need to know if I'm affected…

    My sister went on Facebook on my computer and clicked on it. It opened up and asked if she wanted to run or save it… she says she cancelled it. Is it okay?

  • Bob the Computer Tech says:

    If you didn't run it then you're okay.

    Also, to the person with the Mac mini, if you have an Apple computer (Mac) then you can't get the virus.

    If you have XP or Vista and you ran it, then if you watch your computer you'll see it start opening up your Facebook and sending messages to your friends. If it's not doing that then maybe you got lucky, but if it is doing that well it's safe to say you're infected!

  • Mike says:

    "Thank goodness that I run Linux and my friends run Mac OSX"

    Hey "Love It", if you and your friends think you're immune from viruses because you run Linux/OSX, you're even more ignorant than your post shows you to be! ;-)

    I love it… "Linux will make me safe"… hahaha!

  • Gillian Gilby says:

    Can someone tell me how to get rid of this? And also, would it affect your keyboard and typing in the internet? I'm scared.

  • Adam says:

    Mike, they are immune to Windows viruses which account for about 99% of the viruses out there. I think it's a fairly safe bet to say that there are no Linux or OS X viruses affecting Facebook.

    The few viruses that do exist on Linux typically target enterprise-level products (such as DNS or webservers).

    As for OS X, how many viruses exist for it? Has the count even surpassed 2 yet? Can you even name an OS X virus? Do you understand why it is so difficult to infect an OS X system?

    For the record, I am primarily a Windows user, but at least I'm not an ignorant one. The fact of the matter is that Linux and Mac OS X *is* safer than Windows whether you like it or not. Nobody said they're immune, but they certainly can rest easier.

  • Noel says:

    You saved me a lot of typing! I'm forwarding this, instead, to my networking lists.

    Good work Mark.

  • Bob the Computer Tech says:

    Gillian, yes they could be monitoring your typing and stealing your passwords at this moment. Sorry if that's scary, but you want the truth and that's the power of a trojan.

    As for removing the virus, look at Tran's post. It should work. Otherwise, check out a service like Dial A Geek if you're not comfortable fixing it yourself.

  • vir says:

    First of all, I don't know why people use Facebook, secondly, why would be dumb enough to do this? Lastly, nobody makes viruses for macs because nobody cares about them.

  • heather says:

    Bob the computer tech… I was wondering where I would look for Tran's post? I scanned my computer and everyone I talked to on Facebook said that they didn't get anything from me… how do I know for sure it's not there?

  • c says:

    heather, i believe bob the tech was talking about a post on this comment page by a guy named tran who had a link to a place to help you out. it's 16 down from the top. :)

  • cheryl says:

    thank god i didn't open it when i did…but ya thank god i didn't..thanks for the warning before i seen it:D

  • S says:

    Would Windows Live OneCare be able to detect this?

  • Jean Turcotte says:

    In a case like this one, Facebook should advise all its members a.s.a.p.!

  • Ty says:

    YOUR COMPUTER is INFECTED ONLY IF YOU INSTALL THE CODEC which is downloaded by the user if they follow the link. My antivirus stopped it before totally downloading it, thus stopping infection. If you ran the exe file then you probably should do an online scanner such as Housecall. Otherwise, according to this article, it's nothing to fear.
