Facebook Easter Egg causes a flap

My mate Ben told me a story the other day which he thought I would find amusing.

He’s a Facebook addict, and has been regularly cajoled for spending hours checking the social networking site for updates from his buddies instead of the biology job he’s supposed to be busy doing..

The other day he stepped away from his desk for what Americans charmingly call a “comfort break”, and returned to his desk to find bizarre red circles appearing like a lens flare on the Facebook page he was logged into.

In reality, he had fallen victim to an office prank – one of his colleagues had turned on a Facebook Easter Egg while Ben was away from his desk.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

You could do this on Facebook too. You simply login and press:


The problem was that Ben initially panicked, and thought his computer had been virus-infected. Fortunately the culprit owned up before Ben took things into his own hands to “remove the virus” and possibly make things much worse.

And that’s the problem even with seemingly harmless pranks like this which don’t involve you installing software on someone else’s PC. You don’t know how they’re going to respond, and there’s always the danger that they might over-react and do some real damage.

Ironically, it’s pretty rare these days for malware to have such visual payloads as the Facebook Easter Egg. In olden times, virus authors were more like graffiti artists than bank robbers and some had visual payloads of cascading letters, scrolling moonscapes, skulls dripping in blood, etc..

The media still likes to present malware in this highly visual way, so you’re likely to see viruses represented like this in movies and TV dramas for some time to come.

The truth, however, is that with a few notable exceptions (like the recent iPhone worm) the bad guys are designing their malware to be stealthy and invisible, and impossible to spot with the naked eye.

Easter eggs are a bit of fun for the programmers behind websites and software packages – but it’s probably best if you trigger them for your own amusement rather than play a prank with them on someone else.

PS. If you think the Facebook easter egg is cool, just try the same sequence at jQuery.