Facebook Fan Check Virus Infects Your Account
Facebook is not only the world’s largest social network but also the fastest growing, hence why viruses, malware and phishing scams have found the right spot to make out, and latest to scare the users is the Facebook fan check virus.
The Facebook fan check application shows how many friends you have and allows to create a RSS feed to post it on your Facebook page. However, the app says it’s “adding new features and new capacity” which “could take a few days”. In the meanwhile you should become a fan, and they’ll send you an update when things are back online. Don’t do it! All it will do is to infect your FaceBook account sending an email to all your friends who will be infected, too.
A few people reported that the Facebook fan check app has changed their email and password for their accounts — nothing confirmed yet, so you’d better take caution when allowing new apps to install security software.
Although there doesn’t seem to be a solution to the virus (abstinence is the best method, eh?) we’re waiting on an official statement from Facebook regarding the whole issue.
Share
Be very careful about searching for information on the Facebook Fan Check Virus as hackers have set up websites designed to scam you with fake anti-virus software.
More details here:
http://www.sophos.com/blogs/gc/g/2009/09/07/facebook-fan-check-virus-scare-leads-malware/
More likely a hoax: http://mashable.com/2009/09/07/facebook-fan-check-virus-hoax/
This article throws up many questions which aren’t answered. Firstly, does having this on your profile change your password? Or does having a friend with it change your password? Secondly, how would it change your password? In order to change your password, it would need two things, access to your current password and the ability to trick you into clicking a specific link to change it. To explain; facebook is written in php- php sends data two ways, via $_POST[] and $_GET[]. In order to change the password, the app would need to get the user to click on a button with an invisible form attached that sent the new password twice on the two $_POST[] elems that FB used to do this. There is no way of getting the parameter names, php is server side and the data is sent over SSL. To put the effort required into grabbing even one password to do this, then disassembling the SSL keys, then adding all this, then getting the user to click the submit button, (not to mention the time and cost) the attacker may as well do something that would make some money, say robbing a bank.
The only other way to do it would be gaining access to the backend database, and getting a salted hash of the password, and then attacking this to get the plain text password, logging in with this and changing it.
I’m not going to call it impossible, but it is extremely, extremely improbable.
Besides this, either of these two attacks would not only mean a major, major security hole in Facebook it’s self, it would also be impossible for the average paranoid user to work out where it came from, and facebook would have closed the app a long time ago.
my profile cant c anything,is tat this virus problem??
What a load of bollocks.
[...] about this app warning users to beware of this app because something fishy is going on. Reports say (no proof yet) this app is actually a virus that will lead users to malware and spyware sites. To [...]
[...] DEVICE, Mashable, [...]
[...] alleged virus has only been described on a couple of blogs, such as this one, but we’ve found no reports about it on sites of security firms such as McAfee or [...]
[...] [來源:DEVICE、Mashable、 AC] [...]
This is a hoax. The Facebook app seems fine, but there are LOADS of nasty sites pretending to carry info about the “virus”. From those sites you may get infected.
Device Mag should be more responsible than simply sow panic!
This text has nothing to do with reality. It’s a hoax. This article is very unprofessional as it raises unjustified fear. Check my website for explanation on what this is.
Fake bullshit as 99.99% of all virus alarms out there, I have this app installed since ever and nothing described in this pamplet happened to me.
Stop spreading BS dude.
Im must worried. My computer saying Facebook does not Exist, and I was tagged. There seems no way I can get it on on any browser. So thanks a lot to whatever fool made this App
how do u fan check the people on your buddy list to see who is stalking ( say your girl) lol i was able to see it before now it only loads my stalkers and i cant see my girls stalkers i thought it was the best thing ever and she never knew how i was able to tell who she was talking too ( guy wise) i never had a problem with stalker check this is all bull please fix it so my girl dont talk to anyone that i cant see lol( my email is a friends email as a hidden identity
Read more: http://www.devicemag.com/2009/09/07/facebook-fan-check-virus-infects-your-account/#ixzz0QjktVlMj
I cannot open pretty much anything on my profile,friends page,chat box,status,etc.
This a hoax !
Fan check is sending mail to you because it tags your picture on the fan board.
So, each time a fan post a comment of the fan board you will receive it because the guy whose is running Fan Check belongs to your address book.
Thats’s why people thought that it is a virus.
3 solutions :
- untag your name of the fan board ; this will only remove the notification of photo comment
- remove your friend
- change your notification settings
Stefan Andjelkovic says: “I cannot open pretty much anything on my profile,friends page,chat box,status,etc.”
That sounds like typical Facebook. Stuff likes to not load from time-to-time.
Got something to say?