If you’re on my Facebook friends list you’ll have got this message over the weekend
If you’ve had a weird message from me (other than this one!) today please delete it
I got the same message from a friend and while allowing my curiosity to get the better of me I managed to infect myself
Highly highly embarrassed
Feel free to message me with abuse
So I thought I’d explain what I meant when I said I’d allowed my curiosity to get the better of me
On Saturday morning I got a message from a friend via Facebook. The English was terrible (the subject was – Gt you! Ha-ha, now watch and cr!) and the link certainly looked “dodgy”. I figured my friend had his PC compromised and it was sending messages from his Facebook account
It was the first time I’d seen this type of malware attack, so I thought it might make an interesting blog post and followed the link
It took me to a page that looked like YouTube (if YouTube was broken!) and I got a message displayed telling me that my flash player needed updating and I was prompted to download a file
I downloaded the file and uploaded it to VirusTotal for analysis which then identified the file as being the “KoobFace” worm
Koobface.worm – McAfee
Win32.Worm.KoobFace.A – Bitdefender
W32.Koobface.A – Symantec
Koobface Family – CA
This was where I made a stupid mistake
In my attempt to select the file so I could delete it I inadvertently double-clicked the file and it ran
As you can imagine my language was colourful at this point
I got a message on screen
“Error installing Codec. Please contact support”
Using the information links above I managed to remove the main worm program and a browser add-in it had loaded to Internet Explorer (I’ve since flattened the machine and reloaded from a backup)
Unfortunately it had sent messages using my Facebook account by the time I’d cleaned up.
I didn’t know who exactly it had messaged hence the warning to everyone in my list
Highly highly embarrassing as there are a lot of IT pros in my friends list!
Some of you may be thinking,
“What was your anti-virus doing during all of this?”
Good question, but I’ve got a little confession
I’m not running any at the moment
Just before Vista was released, Jim Allchin (co-president of Microsoft’s platform division) was quoted as saying Vista’s increased security meant he wasn’t running any anti-virus on a PC his 7-year-old uses at home (Techweb reported about it here – he changed his viewpoint slightly afterwards)
When I recently made the switch to Vista 64-bit, I was installing all my usual programs and thought it would be an interesting experiment to run without any anti-virus software (and blog about it here later!)
I’ve been running without any anti-virus since mid-July. I use some of the well-known on-line scanners as well as some offline tools twice a week to check all is ok, and until yesterday everything appeared to have been fine
That said all the anti-virus software in the world can’t protect you from being stupid!
So what have I learnt from this debacle?
1) It may be a good time to end my experiment
2) I rarely allow websites to keep me signed in but Facebook had been an exception. I’ll be going back to how I usually run!
3) If you tell friends it’s ok to abuse you, then they will 🙂
As a side note it looks like Facebook have been doing some work too. When I now click on the original link Facebook blocks the page with a warning that the site is dangerous