WARNING: Do NOT Open Password Reset Email From Facebook Support. Fake and Contains Virus.

There’s an email going round asking Facebook users to reset their password. The email is a fake and contains a virus, do not open or follow any of its instructions.
Facebook is reportedly in the process of letting its users know, but be sure to let anyone you know be aware of the email.

The message says the following:

The message appears to come from Facebook Support with help@facebook.com as the email address.
If you use a web based email client, you shouldn’t be too concerned with the viral part of this but if you download your email, it’s worth virus checking your computer to be safe. The attachment contains a password stealer that can potentially access any username and password combination used on the computer, not just the login credentials for Facebook reports CNet.

More details to come.

New password-stealing Facebook virus could affect millions of users

BOSTON - Hackers have flooded the Internet with virus-tainted spam that targets Facebook’s estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.

The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.

If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday.

Hackers have long targeted Facebook users, sending them tainted messages via the social networking company’s own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its website earlier on Wednesday warning users about the spoofed email and advising users to delete the email and to warn their friends.

McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began on Tuesday.

Dave Marcus, McAfee’s director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

“With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10% success, that’s 40 million,” Mr. Marcus said.

The email’s subject line says “Facebook password reset confirmation customer support,” according to Mr. Marcus.

Read more: http://network.nationalpost.com/NP/blogs/posted/archive/2010/03/18/new-password-stealing-virus-targets-facebook.aspx

Weak Response to Virus Attacks Show a Lack of Community Spirit at Facebook.

There seems to be a bit of a crisis brewing on Facebook and I am frankly stunned by the lack of coverage. There are now several viruses that are taking advantage of the curiosity of Facebook users in such a way that those users are now spamming their friends with diet advice and other nonsense. At a minimum these viruses are annoying. But there could be serious implications and I don’t believe FB is doing a very responsible job of helping their end-users from contracting and distributing viruses. Without serious action, Facebook could turn into a cesspool of virus activity.

The worst part of this story is that the viruses are not limited to the Facebook account — the code apparently is getting loaded onto the hard drive of the end-user. Advice from Facebook to combat the attack includes signing up with McAfee for a free 6 month virus protection service (but after that you get to pay, of course…). “The best defense is often a good offense” says Facebook.

And according to Read Write Web, Facebook is kicking infected users off and then not letting them back onto the Facebook service until their PCs have been proven to be “clean”.

To me the lack of attention and lack of responsibility shown by Facebook is appalling. How can a social media service that is basically built on the backs of consumer’s interest in connecting with their friends be so cavalier about malicious abuses of its core value? How can they expect to survive if they allow purveyors of viruses to use Facebook as their own private petri dish and distribution system? Isn’t there an approval process of some sort? Peer review? Anything?

I may be missing something, but the lack of clear advice from Facebook and the consumer press about the risks of Facebook viruses and the appropriate methods for getting rid of these viruses is a real concern. If you know of a source that is authoritative on this subject, please let me know and I will promote it.

Source: PeterPropp.com

Facebook Virus – Sent to You by Your (Innocent) Friends

Tim Champlin is not only a darn good lead singer (the Western Swing band Interstate Cowboy) he’s a good guy and a good friend. He would never send me something nasty. Would he?!

The thing is, he didn’t do it on purpose – he got it from Facebook. In fact, he got it from one of his other Facebook friends who he knew would never send him anything nasty either.

A Lot More Dangerous Than You Think

Facebook, Twitter and LinkedIn are all under constant attack, not just from spammers, but from smart, seedy, and even violent criminals.

While you might think this sort of thing is just a pain in the rear end, it’s not. It’s a real threat to your, your family and your business.

The USA Today article pictured above tells the story of Alice and her Facebook buddy:

“With a click of her mouse, Alice let the attackers usurp control of her Facebook account and company laptop. Later, they used Alice’s company logon to slip deep inside the financial firm’s network, where they roamed for weeks. They had managed to grab control of two servers, and were probing deeper, when they were detected.”

You’d Be Fooled Too

We’re all pretty savvy now when it comes to email spam. We know our bank is not really asking us to verify our account and we know SusieQue is not really hot for our body.

But, on Facebook, it’s our trusted friends who send these messages. In my case, because Tim has a band I just figured his link would connect me to a video of one of his songs, or maybe an upcoming concert. Wrong!

When I clicked the link, my computer went nuts and warned me that  cyber-zomboid bots from evil lands were trying to take it over. I still don’t know how badly it’s been infected (read the USA Today article pictured above and it will scare the pants off you).

The Trust Issue

Tim, of course, is mortified. But, it’s more than that. As Gene Leganzasaid in our recent post, Twitter Spam – Your Friends are Innocent:

“What really bugs me about it is that it made me an unwitting agent of spam. It impacted my followers’ trust in me.”

For Tim, trust is his band’s most precious asset. Just think about who follows his Facebook Fan Page:

“The thing of it is, Michael, many of my Facebook  friends are important music business contacts, and that business is built on trust. Anything that damages it could endanger my livelihood.”

Get a Clue, Facebook

This trust issue is why we are so critical of Facebook. They are dealing with this explosion of spam, crime and personal assaults on their site by stonewalling.

They simply ask us to trust them. We don’t, and you shouldn’t. It’s not enough for a Facebook spokesperson to say:

“We are constantly working to improve complex systems that quickly detect and block suspicious activity…”

We’d never stand for that kind of namby-pamby response from a politician after a terrorist attack. We’d demand swift and specific action that would protect us.

Facebook doesn’t seem engaged or concerned. They never send warnings and they don’t connect or respond to their customers in any meaningful way. This is a social network, isn’t it?!!

And, worst of all, sites like these are being given a free-pass from the hoards of social media gurus and pitchmen who act exclusively as cheerleaders. Almost no one holds up a hand and says “wait a minute.”

You better believe that Tim Champlin now says “Wait a minute.” You might want to, too.

New Scam/Virus via Facebook

There seems to be a new scam/virus via Facebook. "whosee.me". Meant to see who is viewing your profile. I think it installs a toolbar. Please be aware of this application and website.

Facebook virus via adding an application

I kept getting these notifications that people were commenting on my photos, at one point I stupidly just decided to allow the application. Suddenly I sent like 80 notifications to people saying I commented on there photos. My computer runs slow. I think the google chrome directory is infected. Facebook does not load certain elements through chrome, but it does through firefox.

I uninstalled, reinstalled chrome and it said that it could not install it in the normal chrome directory. After an hour of so of use my computer is slow as hell. Of course I've tried a full system scan through Mcafee and it finds nothing. I downloaded hijack this, nothing.

When I restart my computer I see a blank screen with a flashing line at the bottom and it stalls for like a minute before it can start. This shouldn't be happening. I've tried seraching and this does not seem like the typical facebook viruses that have been described

Read More at McAfee Forums

Facebook Virus Turns Your Computer into a Zombie

Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out.

If you've received a message like that through Facebook or MySpace, you may have been exposed to the "Koobface" virus. "Koobface" comes through an e-mail sent by one of your social networking site friends inviting you to scope out a video.

Once the URL is clicked, "Koobface" prompts you to update your Flash player before the video can be displayed. Therein lies the virus, cloaked in a "flash_player.exe" file. According to the Kaspersky Lab, an antivirus organization working closely with Facebook, "the worms transform victim machines into zombie computers to form botnets."

The McAfee Security Blog explains that when "Koobface" infects your computer, it prompts a downloaded service named Security Accounts Manager (SamSs) to load on start-up. SamSs then proxies all HTTP traffic, stealing results from popular search engines and hijacking them to lesser-known search sites.

A clear eye for fraud will help you avoid this mess. You can usually spot phony e-mails by their titles. Kaspersky found the following: Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments. My own "Koobface" attack came in an e-mail entitled, lool, yoour blushingg afce is so funny! Checkk out. Obviously, Paris Hilton never threw dwarves, and in all likelihood, my 26-year-old friend knows how to spell more than two words. These are clear indicators you're being attacked.

Facebook has posted instructions about how to remove the "Koobface" virus: give your computer an antivirus scrub-down and change your Facebook password.

This attack on the world's most popular social networking site and its 120 million users comes just weeks after Facebook won an $873 million lawsuit against several people accused of hacking user accounts and spreading spam.