Facebook virus
A new round of Facebook viruses are being sent through direct messages, often with the subject line of “You Tube”.
If you have received a message containing a strange URL and a subject of “You Tube,” it will more than likely contain a malicious virus. [Update] This may be a new form of the koobface worm.
Fixing Your Infected Facebook Account
Message containing the virus site
This virus does not look to be connected to the popular k00bface worm, but it is the result of individuals providing their Facebook account information to people. If your account is currently sending this message to people you need to do the following.
Change your password associated with Facebook and if the e-mail address you use to login to Facebook uses the same password, change that immediately as well. Ensure that there has not been any new e-mail addresses registered to your account and your secret question has not been changed. Often times phishing schemes will fake a Facebook login and steal this information, they will then change it so they can continue to get into your account.
The body of the message will show the following URL: http://2915654273/index.html/
Don’t go to that site, but if you do, especially do not download the file.
The virus link will also appear on their wall.
If you have already gone to the site and accidentally downloaded the setup.exe file, immediately run a virus scan. An up-to-date virus client should be able to remove any threats or catch it before the setup.exe file is installed.
Website of the You Tube Virus
About The “You Tube” Virus
The “You Tube” virus is the results of a phishing scheme, which often occurs when an unsuspecting person inputs their Facebook account information into a fake Facebook site. It’s very simply to create a fake Facebook page and anyone can do it.
If you go to a site that claims to be Facebook and there are strange things in the home page’s URL like “www.facebook.supercool.com that is really on the www.supercool.com domain. If you put your information into a phishing site like that, it would immediately give access to your account to anyone associated with the www.supercool.com site.
If you notice in the screen shot of the “You Tube” virus, there is a fake looking version of YouTube. There is also a pop up window suggesting you download the newest version of Flash, which in fact will install the malicious virus as well. In fact if you click any single place on the page it will pop up a window for you to download the virus. If you or a person you know is stuck on the site, hold down “ALT” and press F4. This will immediately close that window.
You may also be seeing the following message on the site after you click on the link,
“El servidor recibió información inválida por parte del servidor destino
The server received an invalid response from an upstream server”
That means their server is currently bouncing from Website to Website to make it harder to find the owner. It also means that there is a large amount of traffic going to this site, which means many more people may be harmed by this virus.
