If you’re on my Facebook friends list you’ll have got this message over the weekend
Hello All
If you’ve had a weird message from me (other than this one!) today please delete it
I got the same message from a friend and while allowing my curiosity to get the better of me i managed to infect myself
Highly highly embarrassed
Feel free to message me with abuse
Andy
So I thought I’d explain what I meant when I said I’d allowed my curiosity to get the better of me
On Saturday morning I got a message from a friend via Facebook. The English was terrible (the subject was – Gt you! Ha-ha, now watch and cr!) and the link certainly looked “dodgy”. I figured my friend had his PC compromised and it was sending messages from his Facebook account
It was the first time I’d seen this type of malware attack so I thought it might make an interesting blog post so followed the link
It took me to a page that looked like YouTube (if YouTube was broken!) and I got a message displayed telling me that my flash player needed updating and I was prompted to download a file
I downloaded the file and uploaded it to VirusTotal for analysis which then identified the file as being the “KoobFace” worm
Koobface.worm – McAfee
Win32.Worm.KoobFace.A – Bitdefender
W32.Koobface.A – Symantec
Koobface Family – CA
This was where I made a stupid mistake
In my attempt to select the file so I could delete it I inadvertently double-clicked the file and it ran
As you can imagine my language was colourful at this point
I got a message on screen
“Error installing Codec. Please contact support”
Using the information links above I managed to remove the main worm program and a browser add-in it had loaded to Internet Explorer (I’ve since flattened the machine and reloaded )
When I recently made the switch to Vista 64-bit as I was installing all my usual programs and thought it would be an interesting experiment to run without any anti-virus software (and blog about it here later!)
I’ve been running without any anti-virus since mid-July. I use some of the well known on-line scanners as well as some offline tools twice a week to check all is ok and until yesterday everything appears to have been fine
That said all the anti-virus software in the world can’t protect you from being stupid!
So what have I learnt from this debacle?
1) It may be a good time to end my experiment
2) I rarely allow websites to keep me signed in but Facebook had been an exception. I’ll be going back to how I usually run!
3) If you tell friends it’s ok to abuse you, then they will 🙂
As a side note it looks like Facebook have been doing some work too. When I now click on the original link Facebook blocks the page with a warning the site is dangerous
Latest posts by Andy Parkes (see all)
- Dishley parkrun, Loughborough - August 1, 2023
- Woodgate Valley Country Park parkrun - July 22, 2023
- Abbey Park parkrun - June 8, 2023
Bless you mate, we forgive you – as you did provide us with a little chuckle.
It’s the first example of a virus using Facebook that I’ve come across, interesting stuff (although I’d imagine you weren’t thinking that when it was happening).
You realise that even if I turned up at the AMITPRO meeting tomorrow dressed as a life-size Eee PC (in pink) though, the jackals in attendance will still be more interested in teasing you about this? 🙂
Did you have the IT manager at LSE on your facebook account?
http://business.timesonline.co.uk/tol/business/markets/article4703130.ece
No i didn’t Gareth, sounds like a bad day there!
IT manager at the LSE would be an interesting contact to have though 🙂
Hi Rich
The problem was i did find it interesting
If i’d just thought,
“Just another virus….ignore it”
I wouldn’t have got into the mess!
I may skip tomorrow’s meeting 😉
Interestingly I had a message on Facebook last week from someone with the Subject Title “Morning” and just a live.com URL in it. I thought it was just a little odd and past it by without clicking. Possibly connected I suppose.
Paul