So this morning a friend of mine sent me a bunch of messages on facebook, claiming that I was caught doing some funny stuff on video (entirely possible really):
By now I was suspicious, cause Amin doesn’t actually type messages out like a teenage girl (for the most part). So I clicked the link, and found this page next:
This is brilliant! A message that you need to update your Flash Player, very common for new installs of Windows. What makes it more convincing is the comments list — people from my Friends List, and that of the original victim appear to be egging me on to download the Flash Update and install it!
I suspect I’m going to be getting an increased number of desperate please for help within the next few days from people who worry if their antics have been caught on video, and as a result upgraded their Flash Player. Sigh.
UPDATE: Thanks to Sophie Hamilton, I have more info on it at Malware City.
Wow, I probably would have fallen for this.
Thanks for the heads up and you’re right, its really convincing!
hlp me remove the facebook virus
The weirdest thing about this virus is that if you have Avast! installed, then after you’re infected the virus will pop up a message about Avast being in “Enhanced Protection Mode” with poor English. ( http://forum.avast.com/index.php?topic=81972.0 ) I wonder why it does this; presumably it would have been much more effective if it hadn’t popped anything up at all.
(oh, and hi – I found your blog while Googling around for this virus. I didn’t catch it myself, but I saw others had on the Avast forums.)
I found another page with a lot more information on this: http://www.malwarecity.com/blog/trojanfakeavlvt-plays-you-like-in-movies-1114.html
this is obviously visible…
youtube put a comma in the viewed number 23,456 not 23456 flash player normally auto updates the link on facebook was a ip address if it was youtube they would share a link or use the real link.
if in doubt compare with the real thing!!!