Sophos Cloud Optix
Have you noticed the profile pics of some of your Facebook friends have acquired a pink tinge?
Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries “keylogger malware” that can spy on your keypresses, and steal your passwords – not just from Facebook, but from online banks you may log into as well.
One warning reads as follows:
ABC News 24 just released a statement about a virus on facebook app that adds a pink tinge to your profile picture to `raise money for cancer`.
Be aware this fake third-party app installs a virus on the machine you used to access the app. Apparently its a keylogger malware that searches for bank details and passwords etc. Facebook allows keylogger in its apps to aid predictive search algorithms, and therefore the virus hasnt been picked up.
Keep a look out for any of your friends who may have fallen victim to this app. Apparently, they should be easily identifiable with a pink tinge to their profile picture.
However, the warning is balderdash. ABC News has released no such warning, the app is not malicious and we have seen no evidence that it contains a keylogger. The truth is that your Facebook friends are doing something positive – helping raise money and awareness for the fight against breast cancer.
Australian bank CUA raises funds every October for Breast Cancer Awareness Month, and this year decided to share an app that would change users’ profile pictures pink to show that they were supporting the campaign.
Remember to always get your computer security advice from a computer security company. Friends may be well-intentioned in passing on warnings, but it’s always good to check your facts before forwarding them any further.
If you want to learn about the real threats on Facebook you should join the Sophos Facebook page, where we’ll keep you up-to-date on the latest rogue applications, scams and malware attacks threatening social network users.
Thank you for your email.
Yes this is a real promotion that CUA is advertising this month.
If you have any further enquiries or requests regarding your accounts with CUA, please feel free to contact us either by telephone or by secure email. CUA Direct can be contacted on 133 282 or +617 3295 9400 between the hours of 8am and 8pm AEST, Monday to Friday or 8am and 4pm Saturday.
If your contact details have recently changed and you may not have notified us of your details including your new address, home and work telephone numbers or even your email address, please send us a secure email, call us on 133 282 or visit your local branch and we can update them for you.
*CUA's new BSB 814 282*
Regards,
Anita
Member Service Advisor
CUA Direct -eAccess
What really makes me sad is that it will result in less money being donated. I’m so tired of people who believe everything they hear.
Unfortunately you are right about less money being donated, however the blame shouldn't rest solely on folks who believe these 'stories' easily, it is more due to the actual people who have created so many real internet threats to cause the fear. The fear is not baseless in general, as it is in this specific case.
I wish people with programming talent would use it for good rather than ill…and yes, my name is Pollyanna 😉
Although it's true that the basis for the fear isn't wholly baseless, I must admit that I'm rather amazed that people will spread this kind of thing despite the *same red flags* that accompany this type of thing….
Things like the ALL CAPS, the careless bandying about, and invariable misuse, of words such as "virus", "hacker" and "malware" and, of course, the citing of reputable news outlets having made some manner of announcement, but there is NEVER a link to corroborating evidence to support the claim. All these symptoms are in *every* hoax "warning" I encounter.
I look out for my friends on Facebook when it comes to these things. A lot. It generally takes me less than 3 minutes to find a verifiable, trusted source (I usually cross-reference more than one source) to either confirm or deny such scares. The people who blindly copy & paste this type of twaddle could do exactly the same… it's not rocket science, just common sense. In fact, I'll go as far as to say it's really just laziness. If I had a dollar for every time someone told me they reposted something on Facebook "just in case it was true", I'd be buying everyone at Sophos a very nice lunch (with an open bar, because that would be funny).
In the end though, you can lead a Facebooker to reason, but you can't make him think, and I see the same people making the same stupid mistakes over and over, no matter how many times I point out the same errors to them. It appears that for some of us, we're going to have to just continue to be the guiding beacons on the cybershores, guiding the wayward…. Either that, or throw our hands in the air and run away. Screaming.
I think there is some confusion with the colored profiles and I am trying to get a straight answer. Here is a well known tech blog that claims that it is a scam: http://www.huffingtonpost.com/2012/01/12/facebook…
Who is right or are you guys talking about two different things?
You – and the Huffington Post – are talking about this scam:
http://nakedsecurity.sophos.com/2012/01/11/turn-f…