I’ve received a few messages from friends on FaceBook lately with ominous subjects and titles suggesting I should check out these funny photos or silly video with me in it. Typically, when I get those as emails and it’s from firstname.lastname@example.org I know better than to open it. But when it “comes from” a trusted source in a closed network of “friends” like FaceBook, I at least open the message. Welcome to a darn good FaceBook virus.
The message has a link in it to some GeoCities page. Now, I thought GeoCities was done and gone like AOL Member pages, but hey – maybe Greg really did post images of me doing something stupid last weekend. That’s been known to happen, and sometimes too often. Everyone’s a web publisher now, right?
When I get to the website linked in the message, I’m immediately greeted with a prompt that my Flash Player is out of date and needs to be updated. Really? I’m doing Flash stuff all the time. Pretty sure I’m in good shape, but what’s this file I’m being asked to download? “install_flash_player.exe” Well, that’s the name Adobe uses for the Flash installer. Maybe Google Chrome still thinks it needs to be updated.
I click on the link and get the Run/Save/Cancel prompt that Windows throws up. It’s then that my root suspicions are confirmed. The “Author” attribute of the file is “unknown” instead of “Adobe Systems, Inc.” as I had expected. CANCEL!
Here’s the problem. Even though I suspected this was a bad link, I got all the way to the download state. I was waiting to see who the software publisher was, but I knew to look. How many people out there are going to get taken by this virus because the link came from a friend?
Be careful out there, everyone – the same rules apply to any message sent with a link. If there’s not text/commentary along with links/files/information and it’s definitively from a trusted source, make sure you’re not clicking on everything or that you have a thorough backup and antivirus software installed. It’s ugly out there.