NOTE: This article is mostly about a hoax which spread on Facebook in August 2010, but there have been real scams spreading virally on the social network using the disguise of a message about a girl who killed herself after her father posted a message on her wall. If you've come to this page then chances are that you have encountered one of the genuine scams, like the version of the attack we have described here. And now back to the original article from August 2010..
Many Facebook users are spreading inaccurate messages on the social network, warning each other to beware a "virus" that claims a girl killed herself over a post her father made on her Facebook wall.
The text of the warning reads as follows:
WARNING:THERE IS A VIRUS GOING AROUND AGAIN, IF YOU SEE A GIRL WHO KILLED HERSELF OVER SOMETHING HER FATHER WROTE ON HER WALL DO NOT OPEN IT, IT IS A VIRUS AND IT WILL NOT ALLOW YOU TO DELETE IT, PLEASE PASS THIS ON BEFORE SOMEONE OPENS IT. (IT IS A SELF REPLICATING TROJAN
However, the alerts are not based on facts, and members of the public are unwittingly perpetuating a hoax in the belief that they are helping their online friends and family avoid a nasty virus infection.
Ironically, the warning about the hoax is spreading faster and wider, and is probably more of a nuisance, than any genuine infection.
For those who care about such things, viruses and Trojan horses are different types of malware - it's not possible to have a virus which is a Trojan horse. And by their very nature, Trojan horses cannot be self-replicating.
Furthermore, there's no such thing as malware that you can't remove so the claim that it "will not allow you to delete it" is nonsense too. I'm going to say this very simply: Please stop forwarding this hoax to your friends. Thanks. :)
Okay, now that's clear let's look a little more deeply into this story. What is the background to this virus hoax?
It turns out that things are rather complicated.
According to internet rumours, a girl called Emma killed herself on Christmas Eve 2008 after being bullied on Facebook. However, images which show the alleged conversation between the bully and victim show "Like" buttons even though it was not possible to say that you "liked" an online conversation on Facebook back in 2008.
Rumours like this get a lot of people's attention - and it has been exploited by the bad guys in what is becoming a genuine problem on Facebook. Regular readers of this blog, and visitors to the Sophos Facebook page, will only too familiar with Facebook pages which trick you into "liking" and "sharing" a link with the offer of showing you salacious content of the "OMG!" or "Shocking!" variety.
There are a number of scam Facebook pages which claim to be about the alleged girl who killed herself because of a post made on the site (although some claim it was by her mother, not her father).
Visiting the pages takes you to the familiar scam where they trick you into "liking" and "sharing" the link.
And there are also links being shared online which show the picture of a young woman, alleged to have been the person who killed themselves after their father wrote on their Facebook wall.
However, the picture of the woman used on this webpage is actually that of former Greenwich University student Emma Jones.
24-year-old Miss Jones died in Abu Dhabi in November 2009 after drinking poisonous cleaning fluid, and there were claims that she was distressed and commited suicide after her ex-boyfriend had posted naked photos of her onto Facebook.
(Before you click on that link, let me advise you that there aren't any naked photos there. Sicko).
So, despite what this page promises - it's nothing to do with her father writing a message on her Facebook wall. I think it's pretty sick that cybercriminals are using the image of a dead woman in their attempts to spread their scam.
Worryingly, the Facebook page promoting this (and other) scam pages has over 583,000 fans - making it easy for them to advertise a new link and kick start a new campaign at any time.
And it seems many people are all too willing to unwittingly help spread such links.
Undoubtedly some of these scams and rogue Facebook pages will have helped fuel the hoax that a virus is doing the rounds. You should be able to see by now that this is a tangled web of deceit and scams.
So, to make things simpler, here's the executive summary:
1. Stop spreading the hoax virus warning. It's nonsense. You're clogging up your friends' news feeds.
2. Stop "liking" and "sharing" pages unless you really do like them. There are many scammers on Facebook trying to trick you into sharing their links with the promise of showing you some exclusive pictures or a video.
3. If you're on Facebook you may want to join the Sophos Facebook page to stay up-to-date with the latest security news.Follow @gcluley