John C. Kirk (johnckirk) wrote,
John C. Kirk

Facebook worm

If you see a Facebook update from one of your friends, saying that they "Like" something, be careful before you click on the link. There's a dodgy worm (virus) going around, and I've seen a couple of people get caught out by that today.

Here's an example of what you'd see on your home page:

Recent Activity

I know some people on Facebook who "Like" several pages a day, e.g. Walking away from explosions without looking at them or Lying About Your Age to Pay Less. They're harmless enough, but they also seem pretty pointless, so I just ignore them. In this case, the person in question is a lot more selective, so this was basically an endorsement: if he liked it, it's worth my time to click on the link.

When I did, I was taken to this page:

Passport letter

This looks like a standard letter, so presumably the funny bit is on the next page. It said "Click to read why the guy was rejected", so I did. However, it then asked me to fill in a survey:

Human verification system

I'm not that interested in reading the passport story, and I don't want to start giving out my details to all and sundry, so I abandoned it. However, when I tried to close the tab, this window popped up:

Are you sure?

Normally I'd say that it's best not to click any buttons in these pop-ups: use the X in the top-right instead. However, the X didn't work, and nor did Alt-F4, so the only way to get rid of it was to click "OK". (I'm using Internet Explorer 8; other browsers may handle this better.)

So, that was all a waste of time. However, the real problem is that it added itself to my profile. Any of my friends would now get a status update saying "John likes The Best Passport Application Rejection In History! LMAO." That would encourage them to click on it, and so the cycle continues. What's really sneaky is that I didn't see this update on my home page: I had to go to my profile page, and scroll down to "RECENT ACTIVITY" to find it and remove it.

There seem to be a few of these things doing the rounds, and this was actually the second one I encountered today. The first one (from a different friend) said that he liked "Paramore n-a-k-ed photo leaked!" I'd never heard of Paramore, but apparently it's a rock band. The person who "Liked" this isn't the type of person who reads lads' mags (e.g. Nuts), so I assumed that he had another reason for liking it, and I took a look. That led me to this page:

Over 18?

I'm over 18, so I clicked through the warning. I then got the same survey page that I mentioned above, so I abandoned it.

In both cases, the person who "Liked" the page wasn't aware that they'd done it until I contacted them. It can be a bit fiddly to get rid of these things afterwards, but Sophos have some tips.

As far as I can tell, simply clicking on the original link is safe. However, if you click on the following page (e.g. "Are you over 18?"), that's using a hidden Facebook widget to update your profile. If you're a techie, and you're feeling brave, you can go to these pages and look at the JavaScript for yourself:
"Paramore n-a-k-ed photo leaked!"
"The Best Passport Application Rejection In History! LMAO."
(The Register refer to this as "clickjacking".)

By the way, since I abandoned both pages at the survey stage, I don't know whether either of them actually have a real "reward" at the end. However, even if they do, it's not worth dealing with this worm to get to them.

I don't think that either of these pages are doing any real damage. However, they probably get access to your profile information while you "Like" them, which could be used for identity theft. It's also possible that future versions of this worm will be a bit more dangerous.

The key point here is to be cautious. Don't trust endorsements from your friends, including me! I (briefly) liked both of these pages, but you shouldn't click on them just because I appeared to like them. The downside to this is that legitimate pages will get tarred with the same brush. For instance, yesterday I saw an update from another friend, who liked the "BBC: Profile picture experiment". As far as I can tell, that one is completely legitimate, but I only know that because I clicked through to it.

The solution may be for people to use their own words: if I see a status update that matches someone's normal speech patterns, the chances are that they really wrote it, rather than a bot impersonating them. That's more work than clicking "Like", but if it encourages people to be selective then that's no bad thing. In other words, do you actually like this thing enough to spend 10 seconds typing a blurb for it? If not, there's no need to mention it.
Tags: facebook

  • Zombie stories

    Continuing the blog's zombie theme, I recently watched Warm Bodies at the cinema and In the Flesh on TV. I think they both deserve credit for doing…

  • Zombies!

    Today I went up to Reading for a Zed Events zombie experience. I really enjoyed it: it was expensive (£139 + train ticket) but well worth the money…

  • Picocon 30

    This weekend I've been at Picocon (ICSF's annual convention). I used to go every year, but my attendance has been a bit more sporadic in recent…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded