Stupid is as stupid does

If you’re on my Facebook friends list you’ll have got this message over the weekend

Hello All
If you’ve had a weird message from me (other than this one!) today please delete it
I got the same message from a friend and while allowing my curiosity to get the better of me I managed to infect myself
Highly highly embarrassed
Feel free to message me with abuse
Andy

So I thought I’d explain what I meant when I said I’d allowed my curiosity to get the better of me

On Saturday morning I got a message from a friend via Facebook. The English was terrible (the subject was – Gt you! Ha-ha, now watch and cr!) and the link certainly looked “dodgy”. I figured my friend had his PC compromised and it was sending messages from his Facebook account

It was the first time I’d seen this type of malware attack so I thought it might make an interesting blog post so followed the link

It took me to a page that looked like YouTube (if YouTube was broken!) and I got a message displayed telling me that my flash player needed updating and I was prompted to download a file

I downloaded the file and uploaded it to VirusTotal for analysis which then identified the file as being the “KoobFace” worm

Koobface.worm – McAfee

Win32.Worm.KoobFace.A – Bitdefender

W32.Koobface.A – Symantec

Koobface Family – CA

This was where I made a stupid mistake

In my attempt to select the file so I could delete it I inadvertently double-clicked the file and it ran

As you can imagine my language was colourful at this point

I got a message on screen

“Error installing Codec. Please contact support”

Using the information links above I managed to remove the main worm program and a browser add-in it had loaded to Internet Explorer (I’ve since flattened the machine and reloaded from a backup)

Unfortunately it had sent messages using my Facebook account by the time I’d cleaned up.

I didn’t know who exactly it had messaged hence the warning to everyone in my list

Highly highly embarrassing as there are a lot of IT pros in my friends list!

Some of you may be thinking,

“What was your anti-virus doing during all of this?”

Good question, but I’ve got a little confession

I’m not running any at the moment

Just before Vista was released, Jim Allchin (co-president of Microsoft’s platform division) was quoted as saying Vista’s increased security meant he wasn’t running any anti-virus on a PC his 7-year-old uses at home (Techweb reported about it here – he changed his viewpoint slightly afterwards)

When I recently made the switch to Vista 64-bit, as I was installing all my usual programs I thought it would be an interesting experiment to run without any anti-virus software (and blog about it here later!)

I’ve been running without any anti-virus since mid-July. I use some of the well known on-line scanners as well as some offline tools twice a week to check all is ok and until yesterday everything appears to have been fine

That said all the anti-virus software in the world can’t protect you from being stupid!

So what have I learnt from this debacle?

1) It may be a good time to end my experiment

2) I rarely allow websites to keep me signed in but Facebook had been an exception. I’ll be going back to how I usually run!

3) If you tell friends it’s ok to abuse you, then they will 🙂

As a side note it looks like Facebook have been doing some work too. When I now click on the original link Facebook blocks the page with a warning the site is dangerous

Andy Parkes is Technical Director at Coventry based IT support company IBIT Solutions. Formerly, coordinator of AMITPRO and Microsoft Partner Area Lead for 2012-2013. He also isn't a fan of describing himself in the third person.
