Hackers have flooded the Internet with virus-tainted spam that targets Facebook’s estimated 400 million users in an effort to steal banking passwords and gather other sensitive personal information.
According to anti-virus software maker McAfee Inc, the emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials . If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords.
The subject line of the scam email reads: ‘Facebook Password Reset Confirmation! Customer Support.’ McAfee advised anyone receiving the password-reset message to delete it and to not open the attachment. Source
McAfee says it is a return of a virus that has been seen before and its tracking for the past 48 hours has the security company predicting the virus will affect more than 400 million Facebook users. — Beware of Facebook virus
See an example of the email here – Facebook Password Reset Scam Threatens Computers Worldwide
- Have you received such an email and opened it?
- Has your Facebook account been hacked?
- If your account has been hacked what are you doing to rectify matters?
Related posts found in this blog:
Silverlight for Facebook
WordPress.com adds Facebook to Publicize
Importing wordpress.com post snippets into a Facebook fan page
hootsuite: cross post content to multiple WordPress accounts
izaakmak
March 18, 2010
Other than peeking in on what my friends and relatives are posting, about the only thing I do on Facebook anymore is play Fish Wrangler. But I did get infected once by clicking on a link that appeared to be part of the game. Thanks to good advise from people like you, I now have the AdBlock + add-on installed in my Firefox browser, so this isn’t as much of a problem anymore.
I mentioned the above because I always use my own links to get to a site that I received this kind of email about. But it occurs to me that if hackers can embed malicious stuff in what looks like a legitimate link on a page I went to using my own links, then what’s to stop them from bypassing the email route altogether to do the things you warn about here?
Any advise?
timethief
March 18, 2010
My advice is do not click on any referral links, pingback links or trackback links and update your anti-virus program. It’s better to make the call about whether or not to post pings and trackbacks, without clicking and delete them, than it is to suffer the consequences of clicking and opening what could be a malicious attack.
izaakmak
March 18, 2010
Thanks!
BTW, I like the way your theme gives single-line results for category selections, so I was thinking about changing over from iNove. But one thing I like about iNove is the 600px wide post body area. Do you know the specs for Vigilance? Any other things to look out for?
timethief
March 18, 2010
Vigilance has a 600 pixel maximum displayed image width http://wpbtips.wordpress.com/2009/07/23/maximum-image-width/ Here you will find more about the features http://wpbtips.wordpress.com/2009/10/09/vigilance-further-color-changes/
There is no drop-down sub-page or sub-category display option. You cannot choose to display or not display sidebars. When changing themes my advice is found here http://onecoolsitebloggingtips.com/2010/03/13/wordpress-com-blogging-changing-themes/
Christopher
March 18, 2010
Thank you so much for the heads-up! I posted on FB…
timethief
March 18, 2010
Thanks so much for spreading the word about this. Everyone needs to update their anti-virus protection and delete any emails with the said subject line.
John Rocheleau
March 18, 2010
I’ve been getting these emails regarding Facebook password reset emails for several months now. Of course I’ve never opened one. They get deleted right away. I try to block them but they keep switching domains. Maybe I’ll use a filter for that subject line and send to delete automatically. Yup I think I’ll do that right now.
Fortunately I use a Linux operating system. My virus worries are almost non-existent. Irritating all the same though.
John
timethief
March 18, 2010
Hi John,
Setting up an email filter sounds like a great idea. Thanks for sharing it. From time to time I have considered switching to Linux but then chickened out. I know there must be a learning curve involved, and I’m not all that tech inclined or tech savvy.
John Rocheleau
March 18, 2010
Hey Timethief,
You said, “I know there must be a learning curve involved,” and yeah there is. It kinda reminds me of when I owned an MGB. I always made sure I had a tool kit in the boot. :-)
I switched to Ubuntu from Windows XP Pro because my computer was getting bogged down and slow despite regular cleaning and maintenance. And I was getting tired of all the virus software, and adware software, and registry tools, and, and…..
I really like Unbuntu even though it is sometimes a challenge with certain hardware like my web cam. It is much faster operating than Windows, so my old system has an extended life because, and the security is superb because of the way it handles files and permissions. If you’re a gamer though, Linux is a bad choice.
I am anxious to see the new operating system that Google is working on. I gather that it is a Linux/Unix based system, and so it will be secure. I also gather that they are attempting to overcome the usual problem with a Linux system by negotiating with the software and hardware companies to ensure they develop compatible versions and drivers. Should be interesting.
Best,
John
timethief
March 18, 2010
I’m not a gamer. lol :D Thanks so much for the run down on Unbuntu. I really appreciate the time you took to write about your experience because you anticipated any questions I may have asked.
Rogue|Hero
March 19, 2010
This is one of the reasons why I don’t join social networking sites. I was once a member of Friendster, but after four years, I rendered it inactive. I also opened accounts in MySpace, Twitter, and Facebook, but that’s just it–I just opened accounts, I never uploaded anything on them.
I know having social networking profiles is great for increasing blog traffic, but I really am concerned about security. Remember when Facebook and Twitter were attacked and their servers were down?
I don’t know with you guys, but if you want to be spared the hassle, don’t create profile accounts.
Cheers!
Rogue|Hero
timethief
March 19, 2010
@RogueHero
I did have Facebook account early on but even way back then I was concerned about privacy and security and decided to leave.
I don’t think people realize that if you deactivate your account Facebook still has all the data that you give them on their servers even though your account is “inactive”. http://news.bbc.co.uk/1/hi/programmes/click_online/7375772.stm
In fact most social networks do not delete accounts, so before deactivating an account at any social network I recommend: removing all photos, school history, employment history, all of the personal “About Me” profile type type information like interests, favorite movies, books, music, etc as well as hometown, country, political views, religious views, groups and all contact details. As friends of friends can see “friends” it also makes good sense to delete them all as well, prior to account deactivation.
Here’s an amusing video: FaceBook In Reality – idiotsofants.com and BBC’sThe Wall
Rogue|Hero
March 19, 2010
:D
That was hilarious! It’s funny, yet makes you realize the downfalls of social networking by integrating it into real life.
Yeah, social networking services don’t offer account deletions “to protect the integrity of our names.” Like WordPress.com’s rationalization, although I find it valid and totally adhere to it. I think in Facebook, once you delete an account, you can’t make another one. So if you already have Facebook, you’re stuck with it. Now, if you consider the positive side of this, you will realize that at least, no one else can make an account in your name and use it to defame you.
You’re right, prior to making an account inactive, all photos and entries should be deleted. That’s what I did to my Friendster account, but I never deleted my friends.
It all falls down on the person, anyway. If he/she can handle the hassles of social networking, well and good. Otherwise, don’t bother.
Rogue|Hero
March 19, 2010
:D
That was hilarious! It’s funny, yet makes you realize the downfalls of social networking by integrating it into real life.
Yeah, social networking services don’t offer account deletions “to protect the integrity of our names.” Like WordPress.com’s rationalization, although I find it valid and totally adhere to it. I think in Facebook, once you delete an account, you can’t make another one. So if you already have Facebook, you’re stuck with it. Now, if you consider the positive side of this, you will realize that at least, no one else can make an account in your name and use it to defame you.
You’re right, prior to making an account inactive, all photos and entries should be deleted. That’s what I did to my Friendster account, but I never deleted my friends.
It all falls down on the person, anyway. If he/she can handle the hassles of social networking, well and good. Otherwise, don’t bother.
timethief
March 20, 2010
I laughed my sides off when I watched that video so I’m glad you enjoyed it too.
I agree with you re: wordpress.com’s decision not to recycle deleted blog URLs. Their reasoning is sound. In that case our profile information is only available to Staff, unless we choose to provide it on our blog(s).
Re: the positive side
I suppose one could register an account on every social media and social networking site and forum, and then choose not to enter any profile information, but heck, I don’t have either the time or inclination to do so.
harrythehandyman
March 22, 2010
i got this e-mail last week , but you are safe as long as you do not open it , btw , i don’t even have a facebook account , harry
timethief
March 22, 2010
@Harry,
Hello there. It’s good to hear from you. I wouldn’t be surprised if this wretched infected email is being sent all over the place. Hopefully, some will be wise enough not to open it. McAfee the security company is predicting the virus will affect more than 400 million Facebook users.
harrythehandyman
March 23, 2010
hi timethief , yes and they are taking about it on the PC site i belong to ( my link ) and i have warned all my contacts not to open it , harry
timethief
March 23, 2010
@Harry
That’s good news. :)
harrythehandyman
March 23, 2010
a follow up link to the facebook threat
http://blogs.zdnet.com/security/?p=5787&tag=nl.e550
timethief
March 23, 2010
@Harry
That was an informative read. Thanks.
dancingczars
March 29, 2010
Hi timethief: It’s me Jim again. Spent most part of the day looking for a widget for word press that would actually work as shown showing the national debt, most sites have it listed, but it’s a tag word for bogus land. Can you find anything for me? Widget bank only puts a line on the blog see right hand sidebar, http://dancingczar.wordpress.com Appreciate your help, Jim
timethief
March 29, 2010
@Jim
IMO your front page is miles too long necessitating readers to scroll and scroll. These are my recommendations:
(1) start using “the more” tag to split post content into excerpts with click to read more links
> http://en.support.wordpress.com/splitting-content/more-tag/
(2) reduce the number of posts excerpts on the front page to no more than 5 or 6 >
Dashboard > Settings > Reading
Blog pages show at most ___ posts
“Save Changes”
When it comes to widgets you can do searches and find them all over the internet. However, we cannot use widgets that contain these codes on wordpress.com blogs > http://en.support.wordpress.com/code/ So it’s up to you to locate those widgets that do not use those codes and place them in text widgets. No, I will not do this for you.
dancingczars
March 29, 2010
The limiting the number of posts is not found on the page you selected, I can send you a screen shot if you like but I guess not here. I would never expected you to look something up, thought you might have access to one that works with Word Press. Success with breaking up the post, thanks so much, didn’t know how to do that. Going back and doing about ten of them that way now. Thanks for your help, I’m Jim
timethief
March 29, 2010
@Jim
I made a mistake on the page. Here’s the correct one:
Dashboard > Settings > Reading
Blog pages show at most ___ posts
“Save Changes”