lefty
08-07-2008, 01:42 PM
Facebook virus infecting 'Friends' lists
> Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users' Friends lists. It sends out an email message with a link that asks you to download a plug-in to view a video. One word: don't.
> Already more than a dozen times today I've received this email message, or a variation of it, from Facebook "friends":
> Jeff sent you a message.
> Subject: Hey friend. "You've been catched on hidden cam, yo."
> As with any other email you receive within Facebook, users will get this message in their Facebook email inbox as well as their default email program, such as Outlook or Outlook Express.
> Following this messages is a long URL (website address) that, when clicked, takes you to what appears to be a YouTube video. This is not YouTube. When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video. Do not do this. It's a virus.
> Symantec's Norton Antivirus software has flagged this as a "high risk" Infostealer.Gampass virus. More info on this particular Trojan vius is here. (Note: Symantec warns the risk level is "low," since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)
> You might be inclined to click on this link because it's from a friend, but they did not intentionally send it to you -- and yes, their Facebook photo is attached, too.
> Here's what it looks like in Facebook:
http://www.sync-blog.com/photos/uncategorized/2008/08/06/virus_msg_facebook_2.gif
> and here's what you see if you follow the link to the fake YouTube site:
http://www.sync-blog.com/photos/uncategorized/2008/08/06/virus_video_2.gif
> And the dialog box instructing you to download the malicious code:
http://www.sync-blog.com/photos/uncategorized/2008/08/06/virus_download.jpg
> Pass this onto your Facebook friends so they do not download and open this "codecsetup.exe" file.
> What to do if you downloaded the virus?
> Unfortunately, ther's no quick fix if you run this virus, says Marc Fossi, manager of system development, at Symantec's security response team:
> "The Trojan is not new -- it’s only the attack mechanism that is. Clicking the link won’t infect anyone. The threat is only installed if the user downloads and executes the “codecsetup.exe” file he refers to. Since Gampass can also download and install other threats onto the computer there is not a single disinfection procedure available. The user should download the latest virus definition files and run a full scan of their computer. Always keep antivirus definition files up to date is the only thing that will warn the users ahead of time. This doesn’t exploit a vulnerability so there isn’t a patch available. But the full system scan should disinfect Gampass and any other threats it downloads and installs."
> Warning to all Facebook users: a new virus is going around that appears to infect the Facebook users' Friends lists. It sends out an email message with a link that asks you to download a plug-in to view a video. One word: don't.
> Already more than a dozen times today I've received this email message, or a variation of it, from Facebook "friends":
> Jeff sent you a message.
> Subject: Hey friend. "You've been catched on hidden cam, yo."
> As with any other email you receive within Facebook, users will get this message in their Facebook email inbox as well as their default email program, such as Outlook or Outlook Express.
> Following this messages is a long URL (website address) that, when clicked, takes you to what appears to be a YouTube video. This is not YouTube. When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video. Do not do this. It's a virus.
> Symantec's Norton Antivirus software has flagged this as a "high risk" Infostealer.Gampass virus. More info on this particular Trojan vius is here. (Note: Symantec warns the risk level is "low," since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)
> You might be inclined to click on this link because it's from a friend, but they did not intentionally send it to you -- and yes, their Facebook photo is attached, too.
> Here's what it looks like in Facebook:
http://www.sync-blog.com/photos/uncategorized/2008/08/06/virus_msg_facebook_2.gif
> and here's what you see if you follow the link to the fake YouTube site:
http://www.sync-blog.com/photos/uncategorized/2008/08/06/virus_video_2.gif
> And the dialog box instructing you to download the malicious code:
http://www.sync-blog.com/photos/uncategorized/2008/08/06/virus_download.jpg
> Pass this onto your Facebook friends so they do not download and open this "codecsetup.exe" file.
> What to do if you downloaded the virus?
> Unfortunately, ther's no quick fix if you run this virus, says Marc Fossi, manager of system development, at Symantec's security response team:
> "The Trojan is not new -- it’s only the attack mechanism that is. Clicking the link won’t infect anyone. The threat is only installed if the user downloads and executes the “codecsetup.exe” file he refers to. Since Gampass can also download and install other threats onto the computer there is not a single disinfection procedure available. The user should download the latest virus definition files and run a full scan of their computer. Always keep antivirus definition files up to date is the only thing that will warn the users ahead of time. This doesn’t exploit a vulnerability so there isn’t a patch available. But the full system scan should disinfect Gampass and any other threats it downloads and installs."