A new social networking worm in the vein of Koobface is currently doing the rounds.
A Naked Security reader, George, who had been exposed to it on Facebook, reported it to us. Unlike the majority of Facebook scams we report, this one actively infects your computer with malware instead of simply tricking you into taking surveys and passing on messages to other users.
The link in the Facebook chat message he received from a friend pointed to app.facebook.com/CENSORED. Typically when you go to a Facebook app page it prompts you to add the application and grant it permission to post on your behalf or read your profile data. The scary part about this one is that it immediately tries to download a “FacebookPhotos#####.exe” file, with no clicking required.
The screen reads “Photo has been moved. This photo has been moved to other location. To view this photo click View Photo.” If your computer has not already downloaded the malware, the “View Photo” button will download the virus for you.
It is really unfortunate that Facebook scams are moving back towards spreading malware. Fortunately, users of Sophos Anti-Virus had proactive protection from this threat with both our HIPS and suspicious file detection technologies; this particular strain is now identified by Sophos as W32/Palevo-BB.
The good news is that even as I was writing this article, Facebook removed the malicious application from its service. But there are probably many more applications like this one making the rounds, so, as always, beware of unusual messages from friends whether they are in email, on their walls, or in an instant message.
If you’re a Facebook user, I invite you to join our Facebook page, where we post all the latest security news and threats you need to watch out for. We also have a Facebook privacy guide explaining how to navigate the privacy settings, with recommended settings to control your profile.
For those of you who need to educate your users on how to safely use social media sites, you can download our free social media education toolkit.
As if there aren't enough of those on the net, now there is another new one. Damn people that do that just to screw up people's computers or get their information. Have had those so I know. Am very careful about what I open now.
Is this the same virus http://www.symantec.com/security_response/writeup… (W32.Yimfoca)?
Yes, we have updated our identity to be W32/Palevo-BB
McAfee... search, 'koobface'... "no results"
What am I really looking at? Thanks in advance.
Lock some folks up for 20 years, and make it very public,
and they might think twice about creating these things…
nice catch, Chet….muchly appreciated by us FB users, eh!
Jim
I have the virus on facebook it says : Foto π and then a link tabbed to it!!!
I have a question for all on the page. If you did not request it and it leads you to a place you did not want to go, why would you hit the button? Do not click on things in e-mail or on FB you did not request yourself. Safety rule number one. Why do hackers do this? The answer is: because "IT WORKS". You have to be your own first line of defense.
My guess is that people click on the link because of social engineering.
They are tricked into believing the chat message has come from a friend – perhaps someone who they wouldn't be surprised to point them towards an online photo.
You're right, of course, folks should be much more careful and apply more common sense when online. Unfortunately some people aren't so cautious, and that's who the bad guys are relying upon.
Because the message shows up from one of your facebook friends in a chat screen saying "Is this you?" and a link that looks to be to a photo. I got the message and had no idea it was not from my friend. Any suggestions on what to do if the malware is downloaded on my computer?
That same virus tried to infect me today. That same "photo has been moved" text and image appeared. Win 7 didn't download the file (it asks permission to run the exe file). And Avast didn't retrieve any positive results of an infection.
So, that means I'm safe?
What can I do if I already opened the file?
Yeah – could you tell me how to delete this virus? I downloaded it and I'm infected – what program should I use? Please help.
It is not a virus and it's an old one. This is how to remove it:
f Koobface Virus:
1 – Kill these processes:
fbtre6.exe
mstre6.exe
2 – Delete
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "systray" = "c:\windows\mstre6.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "systray" = "C:\Windows\fbtre6.exe"
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
3 – Delete
C:\Windows\fbtre6.exe
C:\Windows\fmark2.dat
then run Malwarebytes
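A read-only check for the artifacts listed in the comment above, as an added example that is not part of the original comment or the article. The process names, file paths and the `systray` value come from the comment; the WOW6432Node key and the function name `Get-KoobfaceArtifact` are additions made here.

```powershell
# Added example: read-only check for the Koobface artifacts named in the comment.
# It reports findings only; nothing is killed or deleted.
$procNames = 'fbtre6', 'mstre6'          # process names from the comment, without .exe
$files     = 'C:\Windows\fbtre6.exe', 'C:\Windows\mstre6.exe', 'C:\Windows\fmark2.dat'
$runValue  = 'systray'                   # autorun value name from the comment
$runKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Addition, not in the comment: where a 32-bit program's write to the key
    # above lands on 64-bit Windows (registry redirection).
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# The HKCU ...\Explorer\Navigating key is skipped: it is a stock Windows
# sound-scheme key, so its presence alone proves nothing.

function Get-KoobfaceArtifact {
    # 1. Processes the comment says to kill
    foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'Process'; Item = $p.ProcessName; Detail = "PID $($p.Id)" }
    }
    # 2. 'systray' autorun value pointing at one of the named executables
    foreach ($key in $runKeys) {
        $prop = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
        if ($prop -and $prop.$runValue -match '\\(fbtre6|mstre6)\.exe') {
            [pscustomobject]@{ Type = 'RunValue'; Item = "$key\$runValue"; Detail = $prop.$runValue }
        }
    }
    # 3. Files the comment says to delete; the hash helps when reporting to an AV vendor
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
            [pscustomobject]@{ Type = 'File'; Item = $f; Detail = "SHA256 $hash" }
        }
    }
}

$found = @(Get-KoobfaceArtifact)
if ($found.Count -eq 0) { 'None of the listed artifacts were found.' }
else { $found | Format-Table -AutoSize }
```

An empty result does not clear a machine: as the reply below points out, the malware in this article is Palevo, which these Koobface indicators do not cover.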
If this was actually Koobface, you would be correct… Unfortunately this malware is called Palevo and affects the system in different ways. There are several variants and they infect systems in different ways.
Downloading all available updates from your AV vendor and running a full system scan is the best advice. Sophos products detect all known variants and can both prevent infection and perform cleanup.
Chester
Please tell me in English how to delete this virus!!!! THANKS!!!
Does it affect Mac as well or just PC?
This malware attack works on Windows, not Macs.
Does this affect Mac computers? I unfortunately got tricked! I have been very careful in the past but this one got me! ARGGGGGG I’m just worried that it might have spread out to my external drive which was connected to my Mac at the same time this happened.
I’m so frustrated!
Your Mac should be fine, this is a Windows-specific threat.
Hi, when I sign in, the page just redirects back to the sign-in page and never lets me into FB, but if I bring my laptop to my buddy's house it lets me sign in with no problem, or if I use our other computer in the house on the same wireless system I can sign in with no problem. What could be the problem?
Graham, it looks like you're awfully busy here answering people's questions. I would appreciate it if you can take the time to answer my question as well. I think I might be infected because I spammed the same ''take a look at this photo'' to a friend when I logged on Facebook. So that must mean I am infected? I mean, I ran the photo, I didn't save it then open it, doesn't seem like there's quite any difference, but I need to know if there are any virus scanners that will pick up this malware and delete it. I use Microsoft Security Essentials but it seems that it didn't effectively get rid of the virus, additionally this is not even my computer… =(
Yes, your computer might be infected.
If Microsoft Security Essentials isn't finding anything you could try some alternative anti-virus products (make sure they're up-to-date) to see if they can detect anything. If you're still struggling you might need to find a geek who can actually look at your computer for you.
Same here… I have MSEssentials but can't clean or detect it.
Try PC Tools Doctor.
I can't remove the virus *.exe file when logged in.
Very irritating since it keeps on opening again and again..
It is found in the drive C:… this can't be manually deleted.
But this PCToolsDoctor has a deleting capability by which it can force delete the application.. will reboot your computer and clean the malware.
I am so upset. My computer was just infected. I don't know what to do. I have no clue when it comes to computers.
It happened last night. My daughter was on Facebook when a friend IM'd "look at this photo's ha ha" and that's it. It has taken over my computer and I do not know what to do.
If you think your PC is infected and your paid-for anti-virus software isn't doing the job contact their tech support team – that's what you gave them money for!
Good luck
I have been tricked by the scam and now it hijacks my computer and deletes all my MSN chat windows and I'm unable to open new chat sessions again without restarting MSN. And at the sign-in page for Facebook I'm unable to uncheck the "keep me signed in" and sometimes the mouse is freezing. My computer feels hijacked. Avast AV with latest Virus/Wormlist doesn't find it. What to do?!?!?!?
Geez, seriously?
MESSAGE TO ALL DUDES AND DUDETTES WHO CREATE VIRUSES:
You want money? GET OFF OF YOUR LAZY BUTTS AND GET A FRIKKIN' JOB! AN EDUCATION THAT'LL GIVE YOU A GOOD FUTURE, AND GET A FRIKKIN' WELL-PAYING JOB! GET A LIFE WHILE YOU'RE AT IT! Gosh, people are idiots!
We have an education, that's how we learned it.
Uhm yeah it's not gone … and I got tricked, no comments, but it's filling my Facebook with half naked girls and "crush" ad things and now I'm getting millions of pop ups … HOW THE HECK DO I GET RID OF THIS THING??? Help me
OMG that just happened to me right now! Thank god it only infects the PCs, although I don't want to pass it onto my PC friends. Right as I'm typing more of my friends are sending me the same message because of that one friend.
Hey. I've got the FB virus just now that spread quickly in the chat messages…..
Does it recover?
I'm now currently staying offline .. I don't know what to do.
Any solutions?????
Seriously, if they are good enough to program these viruses, they could be making a lot of money in the LEGITIMATE world…helping people, not hurting them….
If people are foolish enough to click on anything a website tells them to then they get what they deserve. It's only going to get worse until people educate themselves on how to avoid these things. Whilst it is unfortunate these people get a virus, it's the only way they will be inclined to take responsibility for their recklessness, and learn how to use a computer.
That's easy for you to say since you've NEVER had a virus. The cause of the problem is that there are people who write viruses with malicious intent.
Blame the victim of course.
Just buy a Mac, no tension of virus, virus free haha!
Hi, just wondering what can be done, my mom downloaded it on her iPad. Is there anti-virus software she needs for that?
Thanks
I have a virus that doesn't let me in at FB… it sent me a message on chat from a friend and a link, when I clicked the link I downloaded something… after a day I had 700 infections, 30 trojans and other stuff… but the most important was that it doesn't get to FB at all… I removed them all but still FB isn't working for me…
I'm always surprised at the gullibility of the average FB user… I use Facebook but have never fallen prey to any of these infections.
I know pretty much all of my FB friends irl and they are on the whole quite intelligent people yet pretty much every one of them has fallen for the "who's viewed me / Your first post" type stuff.
Hey ho…
I can't use my Facebook well. I was infected by a virus. My friend sent me a .rar file with jpeg, I don't remember if it's jped or jpeg. I thought he was having problems so I downloaded it.. Oh gosh, now what happened. I can't access my Facebook well. I can't post anything, even if I use other accounts.