{"id":37,"date":"2010-01-29T19:47:27","date_gmt":"2010-01-30T00:47:27","guid":{"rendered":"http:\/\/williamscomputers.com\/?p=37"},"modified":"2010-01-29T19:47:27","modified_gmt":"2010-01-30T00:47:27","slug":"facebook-virus-infecting-%e2%80%98friends%e2%80%99-lists","status":"publish","type":"post","link":"https:\/\/williamscomputers.com\/?p=37","title":{"rendered":"Facebook virus infecting \u2018Friends\u2019 lists"},"content":{"rendered":"

This is a little old but going around again.<\/p>\n

Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users\u2019 Friends lists and sends out an email message asking you to download a plug-in. One word: don\u2019t.<\/p>\n

<\/strong><\/p>\n

Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users\u2019 Friends lists. It sends out an email message with a link that asks you to download a plug-in to view a video. One word: don\u2019t.<\/p>\n

Already more than a dozen times today I\u2019ve received this email message, or a variation of it, from Facebook “friends”:<\/p>\n

Jeff sent you a message.<\/em><\/p>\n

Subject: Hey friend. <\/em>“You\u2019ve been catched on hidden cam, yo.”<\/em><\/p>\n

As with any other email you receive within Facebook, users will get this message in their Facebook email inbox as well as their default email program, such as Outlook or Outlook Express.<\/p>\n

Following this messages is a long URL (website address) that, when clicked, takes you to what appears to be a YouTube video. This is not YouTube. When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video. Do not do this. It\u2019s a virus.<\/p>\n

Symantec\u2019s Norton Antivirus software has flagged this as a “high risk” Infostealer.Gampass<\/em> virus. More info on this particular Trojan vius is here<\/a>. (Note: Symantec warns the risk level is “low,” since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)<\/p>\n

You might be inclined to click on this link because it\u2019s from a friend, but they did not intentionally send it to you \u2014 and yes, their Facebook photo is attached, too.<\/p>\n

Here\u2019s what it looks like in Facebook:<\/p>\n

\"Virus_msg_facebook_2\"<\/a><\/p>\n

and here\u2019s what you see if you follow the link to the fake YouTube site:<\/p>\n

\"Virus_video_2\"<\/a><\/p>\n

And the dialog box instructing you to download the malicious code:<\/p>\n

\"Virus_download\"<\/a><\/p>\n

Pass this onto your Facebook friends so they do not download and open this “codecsetup.exe” file.<\/p>\n

What to do if you downloaded the virus?<\/p>\n

Unfortunately, there\u2019s no quick fix if you run this virus, says Marc Fossi, manager of system development, at\u00a0 Symantec\u2019s security response team:<\/p>\n

“The Trojan is not new \u2014 it\u2019s only the attack mechanism that is. Clicking the link won\u2019t infect anyone. The threat is only installed if the user downloads and executes the \u201ccodecsetup.exe\u201d file he refers to. Since Gampass can also download and install other threats onto the computer there is not a single disinfection procedure available. The user should download the latest virus definition files and run a full scan of their computer.\u00a0 Always keep antivirus definition files up to date is the only thing that will warn the users ahead of time. This doesn\u2019t exploit a vulnerability so there isn\u2019t a patch available. But the full system scan should disinfect Gampass and any other threats it downloads and installs.”<\/p>\n","protected":false},"excerpt":{"rendered":"

This is a little old but going around again. Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users\u2019 Friends lists and sends out an email message asking you to download a plug-in. One word: don\u2019t. Warning to all Facebook users: a new virus is going around […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-virusalerts"],"_links":{"self":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=37"}],"version-history":[{"count":0,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/williamscomputers.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}