Professional Geek
  • Stupid is as stupid does

    Posted on September 7th, 2008 Andy Parkes 6 comments

    If you’re on my Facebook friends list you’ll have got this message over the weekend

    Hello All
    If you’ve had a weird message from me (other than this one!) today please delete it
    I got the same message from a friend and while allowing my curiosity to get the better of me I managed to infect myself
    Highly highly embarrassed
    Feel free to message me with abuse

    So I thought I’d explain what I meant when I said I’d allowed my curiosity to get the better of me

    On Saturday morning I got a message from a friend via Facebook. The English was terrible (the subject was – Gt you! Ha-ha, now watch and cr!) and the link certainly looked “dodgy”. I figured my friend had his PC compromised and it was sending messages from his Facebook account

    It was the first time I’d seen this type of malware attack and I thought it might make an interesting blog post, so I followed the link

    It took me to a page that looked like YouTube (if YouTube was broken!) and I got a message displayed telling me that my flash player needed updating and I was prompted to download a file

    I downloaded the file and uploaded it to VirusTotal for analysis which then identified the file as being the “KoobFace” worm

    Koobface.worm – McAfee

    Win32.Worm.KoobFace.A – Bitdefender

    W32.Koobface.A – Symantec

    Koobface Family – CA

    This was where I made a stupid mistake

    In my attempt to select the file so I could delete it I inadvertently double-clicked the file and it ran

    As you can imagine my language was colourful at this point

    I got a message on screen

    “Error installing Codec. Please contact support”

    Using the information links above I managed to remove the main worm program and a browser add-in it had loaded to Internet Explorer (I’ve since flattened the machine and reloaded from a backup)

    Unfortunately it had sent messages using my Facebook account by the time I’d cleaned up.

    I didn’t know who exactly it had messaged hence the warning to everyone in my list

    Highly highly embarrassing as there are a lot of IT pros in my friends list!

    Some of you may be thinking,

    “What was your anti-virus doing during all of this?”

    Good question, but I’ve got a little confession

    I’m not running any at the moment

    Just before Vista was released, Jim Allchin (co-president of Microsoft’s platform division) was quoted as saying Vista’s increased security meant he wasn’t running any anti-virus on a PC his 7-year-old uses at home (Techweb reported about it here – he changed his viewpoint slightly afterwards)

    When I recently made the switch to Vista 64-bit, I was installing all my usual programs and thought it would be an interesting experiment to run without any anti-virus software (and blog about it here later!)

    I’ve been running without any anti-virus since mid-July. I use some of the well known on-line scanners as well as some offline tools twice a week to check all is ok and until yesterday everything appears to have been fine

    That said all the anti-virus software in the world can’t protect you from being stupid!

    So what have I learnt from this debacle?

    1) It may be a good time to end my experiment

    2) I rarely allow websites to keep me signed in but Facebook had been an exception. I’ll be going back to how I usually run!

    3) If you tell friends it’s ok to abuse you, then they will 🙂

    As a side note, it looks like Facebook have been doing some work too. When I now click on the original link, Facebook blocks the page with a warning that the site is dangerous

    Andy Parkes is Technical Director at Coventry based IT support company IBIT Solutions. He is also Microsoft Partner Area Lead for 2012-2013 and coordinates AMITPRO which is a peer group for IT Professionals in the Midlands area. He also isn't a fan of describing himself in the third person.



    6 Responses to “Stupid is as stupid does”

    1. Bless you mate, we forgive you – as you did provide us with a little chuckle.

      It’s the first example of a virus using Facebook that I’ve come across, interesting stuff (although I’d imagine you weren’t thinking that when it was happening).

      You realise that even if I turned up at the AMITPRO meeting tomorrow dressed as a life-size Eee PC (in pink) though, the jackals in attendance will still be more interested in teasing you about this? 🙂

    2. Did you have the IT manager at LSE on your Facebook account?

    3. No I didn’t Gareth, sounds like a bad day there!

      IT manager at the LSE would be an interesting contact to have though 🙂

    4. Hi Rich

      The problem was I did find it interesting

      If I’d just thought,

      “Just another virus….ignore it”

      I wouldn’t have got into the mess!

      I may skip tomorrow’s meeting 😉

    5. Interestingly I had a message on Facebook last week from someone with the Subject Title “Morning” and just a URL in it. I thought it was just a little odd and passed it by without clicking. Possibly connected I suppose.


    6. […] to say my “Andy is stupid and has infected his own computer with a virus though it’s a worm if you want to… post didn’t quite get the same amount of visits…it did get more comments […]
