Sophos Cloud Optix
Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.
Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:
Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!
Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.
The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.
Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.
The potential for malice should be obvious.
As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.
Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:
If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 180,000 people.
Given the prevalence of the dislike button scams, do you not think it might be wise for Facebook to actually either a) come out and explicitly state there will never be a dislike button or b) just implement one. It seems like people are so desperate for the down-thumb option to be true that they're putting their online security at risk.
It won't happen because Facebook simply doesn't care about it's users since users are not their customers; users are their product, whose personal information they sell to the highest bidder. The only time Facebook makes positive security or privacy changes is when they are publicly shamed into doing so. Maybe that will happen here. I hope so. Someone on another board suggested a splash page warning on login. Something like that would be useful. I won't hold my breath.
According to a NextWeb Oct 10, 2010 article they (facebook) have apparently said that there will never be a 'dislike' button. I have seen that more than once myself. The theory being that people would not use such a button sensibly. Also has to do with ads/sponsors.
http://thenextweb.com/socialmedia/2010/10/10/face…
they wont make the dislike button in theory that its a negative experience for the person who posted the comment/picture. i've seen it somewhere on the facebook administrator pages about they want to keep the side positive for all not want to produce something that could be negative and harmful to anyones emotions and such. i'm not exact on what the site said however it was on those lines of being disrespectful, blah blah.
They already have explicitly stated that there will be no 'dislike' button. The potential to facilitate cyber-bullying, amongst other things, with the addition of this button is too great.
the want of a dislike button and the ego it encourages should be the tell tale sign of the scam, a dislike button would give facebook a negative reputation, and negativity on social websites is something that has broken them and given rise to new ones. so a like button encourages a good mood, but many posters are unaware of the disference between feelings and emotions and alot of them bieng twenty soemthings or younger, they need to be edjucated on the lure of scammers and gain wisdom on how to be warey with "promotional techniques" so that they can see that thier own negativity and desires that are unhealthy is what is making them weak to the scams. these scams also can promote virus and spy ware contamination of thier computers and so they should see this as a threat to thier finances and not just a threat to software functionability, and then perhaps they will desire the edjucation that they need to stay away from scams. every scam doesnt have the same purpose, but many of them are trojan horses indeed for more malice than the adverage user is aware of.
@ian_goodall – totally agree with you. I just mentioned this the other day.
I agree with Ian. Too many users are naive/without a clue. Facebook needs to be more proactive in dispelling scams and/or simply adding clarification to its users. I have 2 additional thoughts, as follows: 1) Facebook Security updates should automatically sent to its users via their News Feed. As the service is "currently" free, it is reasonable that Facebook updates can be forced to its users feeds, especially as it relates to "security". Make people understand. Don't give them the option for ignorance. Be socially responsible. Educate. 2) Incorporate a "thumbs up" and "thumbs down" feature, similar to YouTube.
Be safe, but be smart also.
My 11year old son just did this Is there anyway of getting it off again??
Claire. why your 11 year old son has a facebook account anyway?
Your son shouldn't be on Facebook until he is 13. This is just one of the many good reasons.
Yes. Remove the installed app from within facebook and run a scan with your antivirus. Id visit majorgeeks.com and follow their virus removal steps as well.
You clicked it didn't you? Now you're trying to blame it on a 11 year old boy because you feel like a fool for clicking it!
Hahaha, you were fooled by the tom trickery!
Why does you 11 yr old son have a FB account? You are to be blamed for such a careless parent !!!
Anyone who wants a dislike button can get one easily by simply clicking the like button on anything. once it is clicked there will be a dislike button right where the like button used to be. 🙂
No that isn't a 'dislike' button , it just removes your 'like'.
thats not a dislike that is a unlike
What !!??? dont you think it just removes the last like action ! Oh how dummy!!
He was TOTALLY being sarcastic… giving that you can "unlike" or "dislike" what you liked already.. whos dumb now..?
he was clearly being sarcastic..but its "unlike" not dislike =D
I just had about ten people post that message on my wall. Very annoying.
I see a lot of articles warning us about this scam but none that tell us how to fix it if the user accidentally clicks on it. I'm trying to help my friend's daughter, who did just that, but can't figure it out. She has now been told to run either MalwareBytes or Ad-Aware, and to also run a virus scan; but is there something else we should be doing?
I think its ok if you click it just dont paste the javascript code in your browser
To @kat569 I suspect it's a form of app, so you should be able to delete it in the security section. My niece claims someone hacked her account doing it to her, but I assume she tried to turn the feature on signing up for the app or granting the app access. I posted the link to this site onto my profile to warn my friends. My niece managed to delete her posts about it and I guess removed the app as I mentioned. I thankfully wasn't naive enough to click on it and did some quick google research resulting in my finding this site. I also hate the facebook stat scams as I'm sure they're scams. You know the ones that claim to show how many people and maybe even which people accessed your facebook page. I just saw what appeared to be a automatic/computerized post via a friends profile promoting one. I hope people stop falling for this stuff.
I clicked, I'll admit it. I ran a scan and it did not show up. Am I okay?
If all you did was click the link, and you did not follow through to the last step, you're probably fine. It seems the final pasting and transmission of the javascript into the address bar of a browser was what would have infected your machine.
Evidently there is something that occurs as the link is loading as well. My anti-virus software picked it up and killed something as the page loaded and I didn't even get to the Javascript part. If there is a way to contact the dev's from Facebook and see about this, please pass along.
I've seen a post about this scam, saying it contains a virus called Virotex. I couldn't find anything on Google about this virus, but another person commented saying 'Just had it confirmed by a friend that the virus is real, but her antivirus caught and stopped it!'
Surely if there's a virus with that name, that's known about enough for an anti-virus to pick it up, I should be able to find something on Google…?
As for Facebook, in the past, they've put announcements at the top of our news feeds about upcoming changes. Why on earth can they not post an announcement about these stupid scams as well?!
I understand why Facebook don't want to do a 'dislike' button, due to the worries about it being used as a bullying tool, and I tend to agree.
Beware of friends and strangers talking about viruses (unless they work for an antivirus company). Many such warnings are scams, hoaxes, chain emails and vectors for virus infections themselves!
If you have good AV software you can be sure that they will know about most viruses before anyone else starts sending you emails about it. Just make sure your AV software is fully up-to-date.
This has got even worse, I was just on my main PC and i clicked it not knowing what it was (how retarded of me) and it just brung me back to my desktop and said that i had 25 viruses in my recycle bin.. then i knew it was a rogue virus so i just left it and hoping to get it sorted out soon
My friend opened it on my account, Using my computer as I left my facebook logged in by accident:/ But before the page could load I caught her and shut down my computer.
would that still affect my PC even though the pagge was still loading when I caught her?
Thanks
I think you're OK. I was going to suggest the same thing to my friend if he ever got the fake antivirus popup in the future. It's too complicated to explain to people who are not good with computers how to use Task Manager (Ctrl+Alt+Del) to kill your browser or not to click any buttons inside the popup or how to escape the annoying tactics (dialog boxes that keep asking you to click OK or Cancel, many popups appearing at the same time) used in a browser to keep the user from shutting down their Firefox or IE.
So I just say click the Start button > Turn Off Computer > Restart if you can.
If you can't then hit the power button on the PC. But shutting down the PC without letting the computer log off normally can be bad but usually nothing ever happens except that if you had something open and you didn't save it, it's gone now. Turning off your computer the fast way (without letting it shut down on its own) can cause corrupted files and registry problems. But this usually only happens if you shut down the computer this way a bunch of times or if you have a old computer.
QUESTION
And the weird part of these damn Facebook scams is no security blogger ever tells you if a virus/malware was installed or had the potential to be installed. All they ever say is that you are tricked into filling out a survey and that's it! Really? Are you sure about that?
If there is even one variant of these Facebook scams that CAN install malware I would like to know. Because all this sounds like is a extremely minor (viral) annoyance.
Julia's & Mark's posts lead me to believe there are cases where this happens. I'd like to focus on those cases rather than these baby "you filled out a survey and were not exploited in any way other than annoyingly spamming all your friends with a message" Facebook scams.
Most often malware is not installed in these attacks. They primarily exist within the Facebook ecosystem. Occasionally we do see things like Koobface and Palevo, if we see evidence of malware we will mention it in our posting.
i would like to add here for the record : firefox has a dislike button for facebook, ive been using it about 2 years, it is safe, and useful to me. People occasionally warn me about it and email me concerns for their safety. i just wanted to make clear , that there are such things which are not malware. not really to do with this new issue,just sayin
That's a blatant lie. Firefox has no way of interacting with facebook that is unique compared to other browsers. If you're under the impression that you can ''dislike'' something, its because you've already liked it and are just unliking it, or because you're an idiot.
I have the same add-on. It states right on the page it is no way affiliated with facebook and only other users who have it will see it. the one that IS malicious is a facebook app. There is a difference, unless of course you are too "stupid" to read the information posted in front of your face
That ONLY works IF others have THE SAME ADD-ON! If nobody else has the Add-On IT WILL NOT SHOW!!!!!!!!!!!!!!!!!
why is it that when someone makes a comment all of a sudden everyone has to start calling them stupid or an idiot.
If someone pastes the Java into a PC what is the effect?
Normally the script will spread the message to all of your Facebook friends – in the hope of generating more revenue for the scammer.
How in turkeys hades do they make money from this? =/
Many of these scams direct users to online surveys. The survey companies play commission for every survey that is completed.
It's "JavaScript", not "Java" which is a totally different kind of programming language.
Just thought I'd mention it as a Java programmer 🙂
http://www.htmlgoodies.com/beyond/javascript/arti…
I was so close to clicking that button just now, but then I searched it to make sure it was safe…
Facebook clearly doesn't care about peoples security since hacking it seems to be incredibly easy.
Its not the job of Facebook to instill common sense. I can understand kids clicking on links but adults? I guess there are more technological ignorant people out there than I'd like to think.
@Hobbit, I totally agree with you. Anyone who is easily fooled by it should not be using the internet.
Facebook will never post a warning, they are too interested in spamming people thru their increased ads and invading your privacy in all of their apps without your knowledge. The average FB user has no clue that every time a "like" or "share" is clicked it installs a spambot onto their computer which tracks their every move, opening the door for ads and all kinds of crap.
People need to get a life and stop posting every move they make in their lives on this social nightmare.
I accidentally clicked on this stupid thing… does anybody know if facebook can/has fixed this security hole? I got redirected to my home page. The spam hasn't shown up on any of my friends' pages, but I did hear the computer that make noises like something was being installed… ugh. Should I reinstall my OS?
are you a mac user? cause the same thing happened to me and i'm trying to find out about it online but nothings really coming up about macs and this "enable dislike button" issue…please shed some light…PLEASE SOMEBODY?
There is an add on, thru Firefox, that DOES put the "Dislike" button on for you. I've used it for 6 months+ now and the only issue I have ever had was people blocking me because I used it on their comments.
Yes, there are legitimate third-party addons which offer "Dislike" functionality, but there is no official "dislike" button.
I think a dislike button is a stupid idea… Just another way to start arguments/debates amongst users… If you don't like something and feel that strongly you need to tell someone.. use your words!
Please shed some light on whether it affects macs…there's no info about it anywhere. i hope that's a good sign
Most Facebook scams are OS-independent. The platform *is* Facebook.
Honestly? Who would really fall for this?
Wow. I totally would have clicked that if i saw it on Facebook. I am going to come to this website every single time I'm about to click on something! Whoever created this website is a genius! I actually was on Google when i saw this website, i was looking up "the Facebook dislike button" and i was about to go do it on Facebook. Wow, Thanks Graham Cluley for all of your articles. (: – Kayla
Ummm, I have it and I have had no problems with it. It is an APP that you can get on google chrome. Not to sure what this site is talking about.
Hi all,
I tried to like a photo and it appeared a window asking if I want to like or dislike.
I left this without taking any steps.
Should I warn my friend about this appearing to his pages or might that be his choice?
thanks for the explanation. it is good to see that some tricks are fake and an interesting point to study and understand social medias behaviors.
hope it would be more consistent!
There is one called di.slik.es – Dislike Button for Facebook available as an app through Google Chrome but it's not the scam that this page is talking about.
Also, di.slik.es only works if other people are on FB using Google Chrome and have the app too – otherwise they do not see any of your dislikes.
To remove:
In Facebook: Go to Account Settings > (left column) Apps > click on X across from "Enable Dislike" app
Go to Privacy Settings > Blocked People and Apps > Manage Blocking > Block Apps > Type in name of app
To remove the add-on in Firefox:
Go to Tools > Add-ons > Click on Remove button for Dislike add-on
I installed one today, was a bit iffy because I didnt have to install any other buttons…But I havent had any issues with it, I also run games so need a number of antivirus and computer protections and nothing has popped up detecting anything.
You would have to be very silly to install this – especially when the display comes up with a banner advert at the top for a Chinese website!!
At least, it did on my screen.
I did fall for this stupid dislike button, but it is not on my apps page. I did not give permission to use my information. Does that mean I was not affected by it???
Well it is an EXTERNAL APPLICATION platformming off Facebook and NOT a Facebook Application – But Graham how to report it without actually opening the blessed thing up??
how to REMOVE the App –
go in to your privacy settings by clicking on the small arrow next to HOME (top right corner)
on this page scroll down to – Ads, Aps and websites click on EDIT SETTINGS
on this page – click EDIT SETTINGS to the right of APPS YOU USE
On this page is a list of ALL the App you have added throughtout your time on facebook,
go down each app and the ones you dont use or dont know what they are, get rid of them
At the right hand side of each App just click the small x next to Edit – wait a minute till a notification comes up asking if you want to remove click REMOVE, another notification will come up letting you know it is now removed click ok
You have to do this for each App you want to remove.
Hope this helps
I admit I did click on it, but here's how you remove it: Go to the tools on the right top of your page and click on extensions and click remove. 😀 I dnt wanna virus. D:
In Google Chrome click the wrench icon on your toolbar on the far right hand side. Select Tools and you will get a drop down, select Extensions. You will see the Dislike Icon. Un-check enabled then, Click the trash can icon to the right of the enabled check box to delete this from your browser.
* Be sure to tell all of your friends to NOT click the Facebook Dislike link that it is a virus.
Share this post with your friends!
I have a limited number of Facebook friends. Each one has many, many more. Each one, etc. Is there a way to block posts of specific individuals (not Friends) that show up under my Friends' posts, without defriending anyone?
I've received a few dislike notices in the last week. I clicked 1. I didn't know it posted to my wall. I ran a virus check and nothing came up, but don't waste your time with this junk.
Do you think it’s time to revisit this topic?
We did (September 2015):
Facebook said it probably would do a “Dislike”button:
https://nakedsecurity.sophos.com/2015/09/16/ok-so-why-doesnt-facebook-have-a-dislike-button/
And then the crooks piled back in:
https://nakedsecurity.sophos.com/2015/09/21/guess-what-facebook-dislike-scams-are-back/