Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Malware Goes Viral

samzenpus posted more than 2 years ago | from the spreading-the-bad-news dept.

Facebook 123

itwbennett writes "Just a few hours after a fake CNN news report appeared on Facebook Friday, more than 60,000 users had gone to the spoofed, malware bearing page according to Sophos Senior Security Advisor Chester Wisniewski. Facebook didn't respond to IDG News Service's request for information on 'how widespread the problem was or whether its own security had been breached, but Wisniewski said that there are a number of ways that status updates could appear without users' knowledge.'"

cancel ×

123 comments

Sorry! There are no comments related to the filter you selected.

Hopefully lots of stuff of value was lost (5, Insightful)

Khyber (864651) | more than 2 years ago | (#38939169)

Maybe that'll teach people to be more wary about random links they see.

Re:Hopefully lots of stuff of value was lost (1, Insightful)

BitterOak (537666) | more than 2 years ago | (#38939179)

Maybe that'll teach people to be more wary about random links they see.

And I suppose you hope lots of houses burn down too, so that people will clean the lint traps in their dryers more frequently.

Re:Hopefully lots of stuff of value was lost (0, Funny)

Anonymous Coward | more than 2 years ago | (#38939215)

Nope they better check to make sure their firewalls are up to date didn't you hear them computer hackers can turn your computers into some of them fancy bombs just by connecting to this "net" infrastructure thing they got going on created by this Al Gore guy. Bet he's real sorry now, I just saw him on FOX and I bet he is on them there top ten wanted list, not quite sure as I was too busy cleaning this here gun and dang near forgot to turn on the safety. Funny thing is them things can go off sometimes when you clean them, no one quite knows why.

Re:Hopefully lots of stuff of value was lost (2)

operagost (62405) | more than 2 years ago | (#38943213)

Why the hell would a redneck use the word "infrastructure"? And having the safety on while cleaning your gun is like putting your car in park before you remove the transmission.

Re:Hopefully lots of stuff of value was lost (-1, Offtopic)

Khyber (864651) | more than 2 years ago | (#38939339)

"And I suppose you hope lots of houses burn down too, so that people will clean the lint traps in their dryers more frequently."

Actually, yes, I do. If you can't be bothered to properly maintain something you own that can pose a serious hazard if not maintained, you deserve to have it fuck up and possibly destroy your life. Willful Ignorance is not an excuse.

Re:Hopefully lots of stuff of value was lost (-1)

Anonymous Coward | more than 2 years ago | (#38939429)

I hope that the next chunk of poisoned through preservatives, processed meat-by-products is the one that chokes you because you did not masticate it at least 20 times before attempting to swallow it.

Re:Hopefully lots of stuff of value was lost (-1)

Anonymous Coward | more than 2 years ago | (#38939775)

That won't happen to me either - I clean my lint traps and chew my food. Now go away you lint covered, gagging hippy!

Re:Hopefully lots of stuff of value was lost (-1)

Anonymous Coward | more than 2 years ago | (#38939671)

someone needs a shag and chill out

Re:Hopefully lots of stuff of value was lost (-1)

Anonymous Coward | more than 2 years ago | (#38940055)

Cheap troll.

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38940067)

sure, if they're facebook users.

Re:Hopefully lots of stuff of value was lost (0)

slackware 3.6 (2524328) | more than 2 years ago | (#38939207)

Well they have not learnt yet. So I doubt this taught them anything. Or like my stupid relatives that keep falling for your computer is infected with *random crap* please enter your credit card to remove *random crap*. A co worker even fell for it and he was using Ubuntu 7.10 If I remember.

Re:Hopefully lots of stuff of value was lost (5, Funny)

rhook (943951) | more than 2 years ago | (#38939665)

I have a bridge for sale in Brooklyn that they might be interested in. Cheap.

Re:Hopefully lots of stuff of value was lost (1)

TheDarkMaster (1292526) | more than 2 years ago | (#38940307)

Do you accept checks? :)

Re:Hopefully lots of stuff of value was lost (1)

AverageWindowsUser (2537474) | more than 2 years ago | (#38942257)

Isn't it odd that sending emails is free, yet wire-transfers cost a fee? I think email communications are more processor intensive than the latter. Tally Ho Old Chaps!

Re:Hopefully lots of stuff of value was lost (1)

TheDarkMaster (1292526) | more than 2 years ago | (#38942419)

Not exactly. Send an e-mail is not free, you need to pay an internet connection to do that. Wire-transfer is more or less the same thing, but you pay for sending service instead of paying to access the transmission medium.

Re:Hopefully lots of stuff of value was lost (0)

AverageWindowsUser (2537474) | more than 2 years ago | (#38942955)

Email is free for inner city black men with Library Cards.

Re:Hopefully lots of stuff of value was lost (1)

Roberticus (1237374) | more than 2 years ago | (#38941877)

Link?

Re:Hopefully lots of stuff of value was lost (1)

Dunbal (464142) | more than 2 years ago | (#38940303)

Quick, buy facebook stock!

Re:Hopefully lots of stuff of value was lost (5, Insightful)

bogaboga (793279) | more than 2 years ago | (#38939221)

Maybe that'll teach people to be more wary about random links they see.

Some people might call you a sadist, unfortunately. In my case though, I hope Slashdot will not 'force' us to use Facebook login...or whatever they call it.

This is because I do not have a Facebook account and do not intend to get one. Do not call me weird. People at work have called me names for not having a Facebook account.

Here is my reason for not having one: Having a Facebook account adds no value to me at all, save for inviting unwanted folks I have always loved to avoid into my life. Besides, I am too busy for Face-book anyway.

Re:Hopefully lots of stuff of value was lost (5, Insightful)

mikeburke (683778) | more than 2 years ago | (#38939279)

Besides, I am too busy for Face-book anyway.

Yes, these posts on Slashdot will wait for no man... can't these people see I'm busy?

Re:Hopefully lots of stuff of value was lost (4, Interesting)

mlts (1038732) | more than 2 years ago | (#38939325)

When I was in the job market, I lost potential jobs for not having a FB account.

With the fact that there is concern about deleted stuff not really being deleted, people searching profiles for anything (where a bad joke reposted can get someone flagged as a racist or gun nut for 7 years), using FB as a communication tool for anything other than the latest cat meme is out of the question.

I sometimes wonder about someone coming up with a paid membership site (so the subscribers are the true customers) for social networking where only the parties involved (and possibly LEOs) are the only ones privy to information posted and shared. Combine that, plus having data erased after a forensically apt period of time (30 days after it was deleted by the user), and this would be an actually useful service.

Re:Hopefully lots of stuff of value was lost (5, Insightful)

tlhIngan (30335) | more than 2 years ago | (#38939521)

When I was in the job market, I lost potential jobs for not having a FB account.

With the fact that there is concern about deleted stuff not really being deleted, people searching profiles for anything (where a bad joke reposted can get someone flagged as a racist or gun nut for 7 years), using FB as a communication tool for anything other than the latest cat meme is out of the question.

So use Facebook as I use it - very carefully.

I put up a very minimal profile (Facebook may ask for a ton of information, but they require very little). Put up a neutral profile pic, and don't bother uploading any more photos.

Then accept friends with caution. There is no law saying you have to friend every real life friend on Facebook. I don't - in fact, I have probably 8-10 people on my "requesting to friend you" list. They are people I know in real life, but to whom I don't really care about. No one said you have to have a million "friends" in your friend list, or accept every invitation.

I also set all the controls so my friends can't do anything like tag me or such. And I don't post my every whim/though/status update there. Actually, I don't bother posting at all - it's just a token account I use to control my online identity. (I also don't spend more than a few minutes every few months).

There's no reason one can't have a facebook account, nor any law requiring one spend hours on the site - just set up a minimal profile, carefully choose your friends, and watch what you post (remember that everything you post online the entire world can see, regardless of privacy settings - so treat every post as a public blog post or comment on a website that everyone can see).

The real challenge though is the dancing pigs [wikipedia.org] problem, which most people on facebook seem vulnerable to.

Not a solution (3, Insightful)

happyhamster (134378) | more than 2 years ago | (#38939739)

Why should I have to set up an account at a private website just to get a job? This is ridiculous. No matter how little info one has to divulge, why? By what right? I know that the companies doing this are stupid and I would not want to work for them under normal circumstances. But the economy is in the gutter, and sometimes you have to grab the first job coming (regardless of some jokers here claiming that "there are plenty of dev jobs out there"). Hiring has become so ridiculous lately that the government needs to step in and freaking regulate the process! Just have a standardized process. All the stupid gotcha interviews, dick measuring contests, "puzzle" bs, and now having to have a freaking facebook account are utterly ridiculous. The business has clearly shown they cannot act as adults and cannot be trusted. Government should step in and set some sensible rules.

Re:Not a solution (-1)

Anonymous Coward | more than 2 years ago | (#38939819)

Government should step in and set some sensible rules.

You've never worked in the government or closely with one, have you? Why do you blindly trust any government when there's shit tons of evidence that they are either corrupt, incompetent, or both? Man up and start your own business if you think you can do better.

Re:Not a solution (-1)

Anonymous Coward | more than 2 years ago | (#38940273)

Sorry, that's the shittiest fucking excuse for anything I've ever heard. I would start a business, only I can't randomly pull money out of my ass, so why don't you blow it out yours you retarded right wing douchnozzle.

Re:Not a solution (1)

satuon (1822492) | more than 2 years ago | (#38940293)

Hiring has become so ridiculous lately that the government needs to step in and freaking regulate the process! Just have a standardized process.

Sure. Let the government choose who they hire. So long as the governent then shells out the money to pay your wages, too.

Re:Not a solution (1)

Ihmhi (1206036) | more than 2 years ago | (#38940321)

Because in this economy, there are more than a few companies that will completely dismiss you for missing one or two trivial things. There's a hundred people lined up at the doorway to replace you.

Re:Not a solution (0)

Anonymous Coward | more than 2 years ago | (#38940375)

The current HR labyrinth sucks, and there is certainly a case for limiting what companies can ask - in the EU, it's technically illegal to ask about certain private things, or discriminate based on race, gender or sexual preference (although that's frequently ignored, and there's not a lot you can do about it).

Having said that, railing against things you can't change isn't a good interview technique. For your sake I hope you don't come across this way when looking for work. Being in any way unhelpful, difficult or awkward will get your CV sent to the circular file immediately. Make a blank FB account, jump through their stupid hoops and get in the door. It may be that the guys you would be working with are great, and know full well the HR process is stupid but can't do anything about it, so don't be put off by HR shenanigans.

Re:Not a solution (2)

flappinbooger (574405) | more than 2 years ago | (#38940831)

Welcome to 2012. The people who are potentially hiring you are too lazy or stupid to do things "the old fashioned way" so they want to see if you are also stupid; stupid enough to post pictures of yourself wasted with sharpie outlines of genitalia on your face.

The problem comes with the phenomenon of "tagging" where if someone ELSE who has abovementioned sharpie pictures of you can post them, tag YOU, and then they end up on YOUR page.

Like I said, welcome to 2012.

Re:Not a solution (2)

kingturkey (930819) | more than 2 years ago | (#38943543)

Unless of course you set your settings to not allow tagging or just simply remove the unwanted tags. Or you could even request that the owner take down the photo if it's so embarrassing, and assuming they're not an adolescent they'd probably do it.

The hatred for Facebook here on Slashdot is really quite absurd, and not just a little ironic as well, given that people here usually criticize others for not understanding technology.

You can set the privacy settings how you want, sure they have defaulted to public in the past, but who here uses the default settings on anything without looking at the other options first anyway (and with government attention now they probably won't be making the same mistakes again)?

Certainly it can be a source of problems, but that's really only if you're stupid enough to share things that shouldn't be shared with a wider audience than appropriate. Think about what you share and who you share it with (normally a mantra for the /. crowd!) and you won't have any problems.

What you will have is a platform to connect with people you otherwise would be interested in but may not have the time/inclination to reach out to, a more efficient way of keeping up with those who you would have contacted by other means and an interesting way to pass time when you don't have anything to do/are procrastinating.

As for the "you are the product" people, well there's not much to do about them. You are correct, but also paranoid, egocentric and absurd. That's how the internet provides you with free content: ads. Targeted ads are more valuable so Google, Facebook etc collect data about you in order to provide you with ads.

What they don't do is sell your information, nor does anybody read it. Nobody gives a shit that you looked at looked at example.com or did a search for abc, or 'liked' a particular page. Nobody is sitting in a server room at Facebook jerking off to your "private" (read: incredibly mundane) data, you thinking that is just egotistical. The only thing that cares about it is their ad-targeting algorithms.

Re:Not a solution (0)

Anonymous Coward | more than 2 years ago | (#38941583)

There is the rub:

The differences between government and business are eroding: Quite increasingly, regulations are not aimed at business, but for business.

If you get government stepping in for "sensible rules", it will mean that there will be mandated access to FB profiles to employees by companies (for "security reasons"), and things like no poaching agreements will be law (where an employer cannot hire someone for a higher salary or benefits than the employee had at their previous job.)

I wouldn't mind sensible rules, but not with this type of government we have now, the people pushing SOPA, PIPA, CIOCA, ACTA, and other crap, while completely ignoring the problems with a deregulated banking industry.

Re:Hopefully lots of stuff of value was lost (4, Interesting)

flimflammer (956759) | more than 2 years ago | (#38940073)

If you lost potential jobs by not having a facebook account, then you did not want to work there anyway. They just wanted you to do their research for them by divulging every detail of your life on facebook so they could go through it and nitpick every little comment and picture in your account.

Re:Hopefully lots of stuff of value was lost (3, Insightful)

MysteriousPreacher (702266) | more than 2 years ago | (#38940639)

Or it's their preferred medium for contact/managing relationships. Another possibility is that it's just be one an expectation - like having an email address, website, business card or fax number would have been.

I personally don't like this. Facebook for me is a personal thing, not something I'd like to use for business. If they ask Facebook, I'd have to ask why? If its for contact, then use email, phone or LinkedIn, or smoke signals for all I care. Thry may just as well be asking for my girlfrirnd's mobile number.

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38941525)

You haven't searched for work in this economy. Yes, there are employers who don't care what their employees do in their spare time, but their positions are usually obtained by word of mouth. First class employers usually have their workers either via internships, or the good ol' boy network. By the time stuff gets to the headhunters or the job sites, it is usually the picked over jobs; the jobs that the chat at the local watering hole can't fill, and they can't find anyone with the most important certification that is needed in the workforce to hire [1]. These are jobs that either require special expertise (Solaris, AIX or other production operating systems, Linux certs like the RHCE are worthless unless you want a 24/7 tech support job at some ISP for minimum wage.)

So, usually you will get the employers who now have a stack of hundreds to thousands of candidates for a position. By demanding FB info, it is a filter. Plus, they can filter people who might be "deviant" (nightclub DJ, tattoo artist) and not up to corporate PR standards. Remember: In this economy, even Wally World has a line going around the building for a greeter position.

[1]: Ralistically, most certs ( CCIE, CISSP, MC-ITP, et. al.) come secondary to the one qualification that employers care about: The H-1B.

Re:Hopefully lots of stuff of value was lost (1)

flimflammer (956759) | more than 2 years ago | (#38942055)

That was my whole point; they want to use it to analyze your life. It's basically a gold mine of information regarding your potential hire. However filtering out people completely who don't have it is lazy. Not everyone wants to broadcast their life online, and it makes little sense to force them to just to save yourself some time. Facebook is not the only way to find information on potential hires.

I will never agree with a filter based on whether or not someone has Facebook or not.

Re:Hopefully lots of stuff of value was lost (2)

debiankicksass (2472726) | more than 2 years ago | (#38939569)

I prefer real friends myself and therefore do not have a facebook either.

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38941023)

Wow, I didn't think there was anyone else out there like me...

Re:Hopefully lots of stuff of value was lost (1)

iMadeGhostzilla (1851560) | more than 2 years ago | (#38942727)

To be more precise, you *imagine* that having a FB account adds no value to you at all. You ran a quick simulation in your head in which the experience felt awful and without value, and you decided that such would be the reality if you were on FB.

But humans are notoriously bad about mentally simulating the future in order to find out how they'd feel, for nontrivial things. (Lots of good research on that one.) So if lots of your friends and peers tell you the experience is not bad, there's a good chance you're wrong.

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38943139)

You are not alone. Billions of us do not have a facebook account.

Re:Hopefully lots of stuff of value was lost (1)

Anonymous Coward | more than 2 years ago | (#38939223)

Well people dont even on sites that claim to be "superior' sites like Slashdot. This is why the Goatse trolls are still in business and have massive lemon parties every week.

Re:Hopefully lots of stuff of value was lost (-1, Offtopic)

ToThoseOfUs (2377416) | more than 2 years ago | (#38939269)

posting to remove my error in moderation

Re:Hopefully lots of stuff of value was lost (-1, Flamebait)

Zontar The Mindless (9002) | more than 2 years ago | (#38939579)

posting to remove my error in moderation

And someone else just couldn't stand not burning up on one of their own mod points to keep yours company. Surely they weren't being petty or spiteful or mean-spirited or just plain old stupid... Surely not one of those microcephalic "Meta = Off-Topic" types whose handiwork around here is sometimes all too obvious. You know, the ones who like to pull out quotes from The Fountainhead or talk about how they're gonna show true love for their kids by beating the hell out of them, or whatever, thinking it impresses people.

(Yeah, yeah. Go right ahead, mongchop, hit me with your best shot, you know you *really* want to. Not worried much since I've likely got more karma than you've had hot dinners.)

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38939827)

posting to remove my error in moderation

And someone else just couldn't stand not burning up on one of their own mod points to keep yours company.

It is the correct thing to do, since his post was off-topic, as was yours (and mine also but I'm posting AC on purpose). Slashdot is all about the comments and the discussion and moderating off-topic comments down is not a bad thing. Technically, if you mis-moderate and want to cancel it then you don't need to post a reply to the comment that you moderated, you just need to post a comment to the discussion. Reply to the story and your moderation will be cancelled, but your comment will appear down at the bottom and nobody will care about it, since if the story is popular it will be pushed off the front page pretty quickly. Nobody wants to read "posting to remove mis-moderation" at the top of the front page, mongchops.

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38939901)

They're your mod points--waste 'em any way you like. Just so we don't have to fucking hear about it.

(Can someone please mod the parent down? I'm sure he'd agree it was the right thing to do. Thanks!)

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38940915)

"posting to remove my error in moderation" type posts take less than 1/2 a sec to skip over. I've accidentally up-ranked a troll because of a miss-click, more than once.

Someone tries to correct a mistake and you think they should be punished. I would hate to be one of your kids.

Re:Hopefully lots of stuff of value was lost (1)

flimflammer (956759) | more than 2 years ago | (#38940097)

Having a bad day?

Re:Hopefully lots of stuff of value was lost (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38939903)

Maybe that'll teach people to be more wary about random links they see.

Not really directed at you, as such, but... When did we accept that clicking on a link is a dangerous operation? I mean, sure, there's a risk you might end up at goatse or whatnot, but are browsers and web devs really so utterly incompetent that simply fetching a page from a dubious domain counts as head-slapping user error? It's really not that long since browsing the web was fairly safe, at least to the extent that if you didn't download and run random .exes it wouldn't break your computer. Most users expect that it still is and, frankly, they're right to have that expectation.

Or, to put it another way: the user can bork your security model just by clicking on a link, the problem is with the security model rather than with the user.

Re:Hopefully lots of stuff of value was lost (2)

azalin (67640) | more than 2 years ago | (#38940881)

Amen. If just clicking a link (compared to "do you really want to install this potentially dangerous software") results in an infection there is something deeply wrong. Browsers (or even the Fb API) should shield users from something like this, or be considered defective.
I have seen parts of the internet where normal eye bleach wouldn't have helped anymore, but if we couldn't just go out and explore, the web wouldn't be the same anymore.
Of course once users carelessly click through the warnings, it's time for the iron cluebat.

Re:Hopefully lots of stuff of value was lost (1)

azalin (67640) | more than 2 years ago | (#38940955)

of course anyone clicking "update flash player" from any other location than the original website deserves it.

Re:Hopefully lots of stuff of value was lost (3, Insightful)

hairyfeet (841228) | more than 2 years ago | (#38939929)

Maybe it will also teach them to have a browser that actually blocks that crap like Comodo Dragon, along with having a good free AV like Avast or Comodo that will sandbox and try to minimize their own rampant stupidity?

Just another example of what I predict all malware of the future will be, simple social engineering to exploit the PEBKAC for personal gain. Frankly here at the shop i can't even remember the last time i saw a malware driveby bug, even on XP, its all PEBKAC trolling now. The truly sad part is no matter how many times you warn them there are a percentage that will ignore you or even be downright hostile to you if you try to keep them from getting infected if it involves them not getting the real or imagined cookie the malware writers offer. I have seen this myself when i threatened to call the cops and had to throw a guy out of my shop for wanting his PC fixed for free after he got infected not 24 hours after getting it from me. What did I do wrong to cause such a short turnaround? not a damned thing, after i told the guy that Limewire had been shut down by the feds years ago and anything calling itself "the new limewire" would just be a virus he went home and when his AV wouldn't let him have his "New limewire" he first tried disabling it and then uninstalled it, all so he could have a fake limewire that was nothing but a trojan delivery package.

When you are dealing with THAT level of stupid selfcenteredness frankly it doesn't matter if it is Windows or Linux, if its Android or iOS, all you have to do is dangle the right cookie in front of their faces and they will be downright hostile to anything that tries to keep them from their goal, no matter how many time you expressly warn them that the only cookie they'll be getting is some malware writer blowing his cookies all over their computer. But as long as the user has the rights to control his system you will be dealing with a section of them that don't think, a section of them that are downright greedy and will fall for anything that appeals to that greed, a section of them that only think with the little head that will happily do anything you want as long as your offer includes their fetish, and finally a section of users that are just DUMB, stupid ignorant, clueless and have no intention of learning shit, just good old fashioned idiots.

this is a perfect example, how many times have we seen this exact same shit pulled? How many times has FB warned them about just clicking on random shit that asks them to install anything? yet here we are, thousands of machines pwned by people so fucking retarded they probably shouldn't have been on them in the first place.

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38940113)

Maybe that'll teach people to be more wary about random links they see.

Not only that, but I have a feeling most of those 60K people either have an axe to grind with Obama, or with the US in general, and are desperately seeking reinforcement of any batshit crazy idea that gets reported.

Re:Hopefully lots of stuff of value was lost (4, Funny)

Lumpy (12016) | more than 2 years ago | (#38940399)

"Maybe that'll teach people to be more wary about random links they see."

No, no it wont. I have worked in IT for 12 years and was happy to escape it 6 years ago. I still see that even today, the average user gleefully clicks on any link they see. I think most users think the internet is a giant game of whack a mole.

Re:Hopefully lots of stuff of value was lost (1)

ahadley (665625) | more than 2 years ago | (#38942401)

It would seem like an amusing moment to prove the point by offer a slightly obscured link to goatse... but I can't bring myself to check if it still exists... anyone brave around?!

Re:Hopefully lots of stuff of value was lost (0)

Anonymous Coward | more than 2 years ago | (#38941811)

Last I heard, Facebook is Malware. A great information sieve that sells your identity to the highest bidder.

Windows malware doesn't go viral (2)

dgharmon (2564621) | more than 2 years ago | (#38939219)

Technically speaking malware can't go viral, as in malware requires action by the enduser. It should be pointed out that only users of Facebook and 'Adobe Flash` running on Microsoft are suseptable to this vulnerability.

Re:Windows malware doesn't go viral (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38939233)

does a viral video not also require some action by the end-user?

Re:Windows malware doesn't go viral (-1)

Anonymous Coward | more than 2 years ago | (#38939315)

and HIV

Re:Windows malware doesn't go viral (1)

dgharmon (2564621) | more than 2 years ago | (#38939333)

"does a viral video not also require some action by the end-user?

In that case the video isn't a virus or even malware, more like a social engineering exploit. Technical terms have a more rigid definition that language used in casual conversion. I have seen the terms virus, worm and malware mixed-up, even in technical reports.
--

"When I use a word, it means just what I choose it to mean"

Re:Windows malware doesn't go viral (1)

DI4BL0S (1399393) | more than 2 years ago | (#38939321)

It should be pointed out that only users of Facebook and 'Adobe Flash` running on Microsoft are suseptable to this vulnerability.

If these users don't already by default black plug-ins from running, but then again I would think those are the users that do not click random links

Re:Windows malware doesn't go viral (5, Insightful)

bmo (77928) | more than 2 years ago | (#38939417)

>It should be pointed out that only users of Facebook and 'Adobe Flash` running on Microsoft are suseptable to this vulnerability.

Actually, it's the people in the Windows world who have been taught by the likes of Adobe and such that the normal way to install software is when you encounter a site that requires some special codec, that you install it straight away without question.

Flash itself is not the problem, it's the behavior of users who have been taught wrong in the Windows universe.

In sane environments, you look for trusted sources for software before blindly clicking on a web page. The Free Software world teaches people to look in the trusted repositories first (bsd ports system, debian packages, gentoo portage, etc) before downloading random binary code and running it willy-nilly.

--
BMO

Re:Windows malware doesn't go viral (-1, Redundant)

Zontar The Mindless (9002) | more than 2 years ago | (#38939615)

>It should be pointed out that only users of Facebook and 'Adobe Flash` running on Microsoft are suseptable to this vulnerability.

Actually, it's the people in the Windows world who have been taught by the likes of Adobe and such that the normal way to install software is when you encounter a site that requires some special codec, that you install it straight away without question.

...

In sane environments, you look for trusted sources for software before blindly clicking on a web page. The Free Software world teaches people to look in the trusted repositories first (bsd ports system, debian packages, gentoo portage, etc) before downloading random binary code...

+6, Insightful.

Re:Windows malware doesn't go viral (0)

perryizgr8 (1370173) | more than 2 years ago | (#38939771)

it should be pointed out that a similar thing is happening in android with regards to app permissions.

Re:Windows malware doesn't go viral (1)

ShakaUVM (157947) | more than 2 years ago | (#38939965)

Eh, there's a fair amount of pushback on this.

Was looking at getting a dice roller on my phone, and one of the free apps I was looking at had a number of 1-star ratings because the dice roller needed access to dialing out, the internet, and who-knows-what-else.

The author of the app just put up an apologetic, "We need all those permissions on this app to get Google Ads to work", without bothering to fix the underlying cause. He didn't need all the permissions he was asking for.

A friend of mine gave an interesting talk on the subject of Android security at Defcon:
https://media.defcon.org/dc-19/presentations/O'Neil-Chin/DEFCON-19-O'Neil-Chin-Google-Android.pdf [defcon.org]

Re:Windows malware doesn't go viral (1)

Anonymous Coward | more than 2 years ago | (#38940143)

Technically speaking malware can't go viral, as in malware requires action by the enduser.

It is sad that you even got a single upvote.

Malware is a generic term used for ANY kind of malicious software. Malware which requires user interaction is called a Trojan Horse. A Virus is malware which spreads copies of itself by attaching or otherwise altering code in other applications. A Worm is malware which will replicate itself by mean other than "infecting" an existing file, and instead of making copies will 'move' itself to different locations. There are other types including rootkits, logic bombs, and more. And these days, many types of Malware are a hybrid or combination of one or more of the above methods.

It should be pointed out that only users of Facebook and 'Adobe Flash` running on Microsoft are suseptable to this vulnerability.

Apple's Marketing group uses the narrow definition of Virus, knowing that most people see that word and think "malware" instead. The most common form of malware on ANY platform these days is a Trojan, which then usually drops a rootkit, keylogger, and/or other types of malicious software.

From the article:

"The malware - which Sophos detects as Troj/Rootkit-KK - drops a rootkit called Troj/Rootkit-JV onto your Windows computer. In addition, Sophos detects the behaviour of the malware as HPsus/FakeAV-J.

The delivery mechanism is a Trojan, which ANY platform is at risk from. In this specific case, the payload it drops only targets Windows systems. But by the time I typed this, whoever launched the site could have easily added a version to target Mac, Linux, or any other OS.

Don't be a fool- Malicious Software is a very real risk on ALL platforms, not just Windows.

dear (-1)

Anonymous Coward | more than 2 years ago | (#38939237)

salam kenal www.rumahtenuntroso.com

Clicking links! (2)

sd4f (1891894) | more than 2 years ago | (#38939257)

It would be terribly ironic if the links in the post went to said malware sites. Getting more and more happier that i don't use facebook anyway. The problem i have though, a lot of malware is obvious that it's malware, usually by disabling you from doing certain things, like viewing hidden files, or even letting you run process explorer (which has helped me overcome virus' in the past, enough so that i could backup stuff and reinstall the OS) but what i'm worried about are the virus' which don't show themselves, considering the bad virus' i've gotten in the past have ranged from suspect sites, to trusted sites that became hacked and had the malware loaded on.

Re:Clicking links! (0)

Anonymous Coward | more than 2 years ago | (#38939479)

It would be terribly ironic if the links in the post went to said malware sites.

Nah, this is /. - those who don't use Chromium use Lynx.

Re:Clicking links! (1)

semi-extrinsic (1997002) | more than 2 years ago | (#38939895)

Meh. Lynx is for old farts, we use Uzbl instead - the only browser that adheres to the Unix philosophy of "Do one thing, and do it well". If I want pure text, I browse gophernet, which gives me the infinite speed I expect.

It must be hell out there, with that weather... (5, Funny)

SeaFox (739806) | more than 2 years ago | (#38939291)

Was anyone else amused the news article is titled "U.S. Attacks Iran and Saudi Arabia", but the video thumbnail shows tanks driving through snow?

Re:It must be hell out there, with that weather... (5, Funny)

Anonymous Coward | more than 2 years ago | (#38939453)

It's not snow but rather, cocaine. Explains the madness going on in those countries.

Re:It must be hell out there, with that weather... (1)

Mnicus (2025862) | more than 2 years ago | (#38939727)

Was anyone else amused the news article is titled "U.S. Attacks Iran and Saudi Arabia", but the video thumbnail shows tanks driving through snow?

While I too found this observation funny, they sometimes do have "winters" in Iran. Google "snow in Tehran" for collection of beautiful pictures.

Re:It must be hell out there, with that weather... (1)

SeaFox (739806) | more than 2 years ago | (#38940493)

Well, there's also the stop sign at the corner of the street, too.

Re:It must be hell out there, with that weather... (1)

Pieroxy (222434) | more than 2 years ago | (#38940167)

Was anyone else amused the news article is titled "U.S. Attacks Iran and Saudi Arabia", but the video thumbnail shows tanks driving through snow?

Well, no. Maybe because it's winter out there too, so snow is to be expected.

Bad advice in article (5, Insightful)

Nebulo (29412) | more than 2 years ago | (#38939297)

The article states, "Of course there is no such Flash update. You should always download Flash from a genuine Adobe site."

This is poor advice. I would suggest, "Flash should never be installed on anyone's computer, ever."

nebulo

^ right here (1)

tkprit (8581) | more than 2 years ago | (#38939367)

mod up

Re:Bad advice in article (2)

perryizgr8 (1370173) | more than 2 years ago | (#38939783)

and youtube can go fuck itself, right?? because the html5 player still can't play shit, even on chrome.

Re:Bad advice in article (2)

satuon (1822492) | more than 2 years ago | (#38940335)

Actually that's not true. At least on Chrome, Youtube's HTML5 has true fullscreen (finally). I had been expecting them to do it since they own both Youtube and Chrome, so they can work on both sides of the equation. Now when you click the fullscreen button, the browser also goes fullscreen (as if you also hit F11). This makes HTML5 for all practical purposes equivalent to Flash, now.

Re:Bad advice in article (1)

perryizgr8 (1370173) | more than 2 years ago | (#38940601)

seeking does not work. it starts buffering again from the point you seek to, which is completely annoying because it takes time to buffer hd streams. the reality is that right now, flash is miles ahead of anything else for the purposes of streaming video over the net. for example, look at any of youtube's live streams, all sorts of auto-bandwidth shit goes on in the background and the video quality varies seamlessly without any annoying breaks. ditto south park studios.
also, i hate not being able to control the loadingof the video in html5. for flash, i just put all plugins in 'click to play'.

Re:Bad advice in article (1)

Pieroxy (222434) | more than 2 years ago | (#38940165)

"Flash should never be installed on anyone's computer, ever."

Let alone anyone's phone !

Re:Bad advice in article (1)

azalin (67640) | more than 2 years ago | (#38940919)

That's exactly what the late Steve used to say

Oh look a ticket came in..... (0)

Anonymous Coward | more than 2 years ago | (#38939301)

I know what piece of shit I'm cleaning of the user's machines in the morning!

Those wily fb links (5, Insightful)

tkprit (8581) | more than 2 years ago | (#38939349)

Bitches are getting good! If I see an interesting link on FB that hasn't popped up in my reader, I go to the source site and try to find the linked article myself because, well, it's FB. But I noticed a crazy-sounding headline from The Washington Post, went to the wp site, never found it, went back to fb and hovered over the link, ready to warn the friend that they'd clicked the wrong link — hoverlink pointed to trove.fb.xxxxxxx (one of those apps for "social sharing" every 'article' you read in the app). I didn't allow the app, of course, but the headline being on the WP bugged me; back on wp.com, I finally found a barely-related article that had a sentence buried deep inside it that alluded to the sensationalistic headline linked on fb. I should have known: the Post dumbs down the articles for fb (why would anyone want to admit to reading the dumbed-down versions?).

.

These apps are hell! Why not just go to the WP and read the whole article there? It's like AOL came back from the 90s, bigger and badder (content not served to you; you have to beg for it by approving each 'app', and then you just get a morsel instead of the whole content). And ppl want this?!

Fine; let em have it. I now officially support these fb malware apps — funny to watch in action, and maybe enough of them will teach people not to use these 'apps'. And booyah on the Post for succumbing to the dumbing down of content to feed the masses.

Re:Those wily fb links (2)

k6mfw (1182893) | more than 2 years ago | (#38939535)

> It's like AOL came back from the 90s, bigger and badder

At least AOL sent 3.5" disks that could be used storage (tape write-protect hole) or as coasters for beverages.

But seriously, "alpha hotels" can post dangerous wily links and with zillion people on FB, all it takes is 0.001% to fall for it and there will be large numbers of computers will be inflicted. This has potential to spread and cause havoc.

I use one computer for online stuff, other machines ain't know way ever connect them to the 'net. Did you know Windows XP will never crash as long as you don't connect it to the internet. And also don't load it with a bunch of crapola programs. I know of one system that is running for years (at work for a special application and only three machines are networked together). Damn thing keeps running.

Re:Those wily fb links (1)

Zontar The Mindless (9002) | more than 2 years ago | (#38939651)

These apps are hell! Why not just go to the WP and read the whole article there? It's like AOL came back from the 90s, bigger and badder (content not served to you; you have to beg for it by approving each 'app', and then you just get a morsel instead of the whole content). And ppl want this?!

Because it'll be more like their smartphones (and EVERYBODY knows we now want our desktops and laptops to look and act just like our phones, even Microsoft!), despite the fact that having a separate "app" for every content provider is anything but smart.

Unless you're just looking for (more) ways to extract rents from people while you're merrily leading them down the primrose path to AOL ca. 1992... or Apple ca. 2012...

Re:Those wily fb links (0)

Anonymous Coward | more than 2 years ago | (#38939747)

I miss the time period between "AOL keyword [name]" and the now-standard "Facebook.com/[name]"

Not me (3, Informative)

kheldan (1460303) | more than 2 years ago | (#38939463)

Apparently I picked a good month to decide I'm sick and tired of all the Failbook bullshit and delete my account.

Instructions on how to permanently delete your Facebook account [groovypost.com]

Re:Not me (1)

Anonymous Coward | more than 2 years ago | (#38939577)

That's cute, you think that telling Facebook to delete your account removes any information they have of you.

Re:Not me (2)

satuon (1822492) | more than 2 years ago | (#38940357)

Even if they actually did delete it from all their servers and backups, some of it could still have been harvested by who knows how many site grabbers and bots. And you can't delete that.

Re:Not me (0)

Anonymous Coward | more than 2 years ago | (#38943201)

Even if they actually did delete it from all their servers and backups, some of it could still have been harvested by who knows how many site grabbers and bots. And you can't delete that.

Some of these "bots" would probably know a lot more about you than Facebook already. I'm amazed about the amount of privacy concerns on Slashdot about a site you voluntarily choose to upload content to share, compared to the massiv non-opt-in cross-site aggregation (including here on this site, check the HTML) of data about you Google is amassing. You think you are clever running no-script including on Slashdot? Think again, that is just one of several ways to fingerprint you.

http://www.scientificamerican.com/article.cfm?id=how-googles-new-privacy-p [scientificamerican.com]

Re:Not me (1)

kheldan (1460303) | more than 2 years ago | (#38943735)

No real name or personally identifiable information about me was ever used on Failbook. In fact I used completely fictitious information wherever I could, just to fuck with Failbook, and nobody I know was ever allowed by me to post photos of me.

Re:Not me (1)

kheldan (1460303) | more than 2 years ago | (#38943717)

I used false information everywhere on Failbook, and never made posts with personally-identifiable information in it, and NEVER allowed anyone to post a photo with me in it.

Re:Not me (1)

kheldan (1460303) | more than 2 years ago | (#38943703)

That's cute, you think I used my real name, real information, and posted personally-identifiable information about myself anywhere on Failbook, ever. At best they'd have the names of people I know, none of which would reveal my actual, legal name (and not all of them know it) unless compelled by a court order.

Re:Not me (0)

Anonymous Coward | more than 2 years ago | (#38939719)

I did the same thing yesterday. First, facebook led me to deactivate my account. I did that, but had to reactivate it to have it "ordered" for deletion. I was informed that the process to delete my account could take up to 14 days. My pc crashed not once, but twice because of all that hidden garbage. It took me at least 4 hours to clean my computer.

Re:Not me (0)

Anonymous Coward | more than 2 years ago | (#38940133)

Sorry, but that's not why your PC crashed, and you probalby have not "cleaned" your computer. Take your machine to someone who can re-install the OS for you.

Re:Not me (1)

Anonymous Coward | more than 2 years ago | (#38940637)

FUCK THE FACEBOOK !! (-1)

Anonymous Coward | more than 2 years ago | (#38939525)

FTFB !!

Does it run Linux ?! (1)

Mr Europe (657225) | more than 2 years ago | (#38940433)

NO !

Re:Does it run Linux ?! (1)

azalin (67640) | more than 2 years ago | (#38940935)

don't you just hate being discriminated against?

60,000 people ... (1)

Skapare (16644) | more than 2 years ago | (#38940893)

... whose access to the internet and computers needs to be denied.

Nice (0)

Anonymous Coward | more than 2 years ago | (#38942373)

I thought Facebook hired this really good hacker to help with all of this?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>