Join 3,562 readers in helping fund MetaFilter (Hide)


Who's posting links to malware/viruses from my facebook account? How do I make them/it stop?
March 15, 2009 10:37 AM   Subscribe

Facebook-filter: Somehow two links have been posted to my facebook page, NOT by me, which directly people to a website to "Vote for my modeling pic please :) http://theimageparlour.com/images/?&uploaded=58291H560.jpg" or similar ... that pages contains malware or virus. How is this getting posted? How can I stop it?

The first link was posted yesterday, I changed my password and limited some permissions (including "links" requiring that application to "Prompt me" before posting to my wall). It happened again today with a new link which stated:

Vote for my modeling pic please :) http://theimageparlour.com/images/?&uploaded=58291H560.jpg

Today I limited permissions on all my applications and deleted most of the non-standard applications (i.e., Causes, rate beer, etc) and limited the standard applications (Photos, events, links) to "Prompt me" before posting anything.

I get nothing when searching for the specific file name referenced in the link nor when searching for the website it's "uploaded" to ... though that site does seem to offer file uploads.

Any ideas what else I can/should do? Is this a more common scheme that occurs on facebook? Thanks social-networking-privacy-protecting-stranger-helping-mefites!
posted by unclezeb to Computers & Internet (8 answers total) 2 users marked this as a favorite
 
So this post was attributed to you and not one of your friends? In the past, Facebook viruses would post such a message on the walls of all of your friends.
posted by roomwithaview at 10:44 AM on March 15, 2009


Well for one thing could a mod remove the (actual working) URL from your question, since it does indeed lead to a fishy download? MeFi questions get indexed and copied all over the place.
posted by rokusan at 10:48 AM on March 15, 2009


Change your Facebook password, change your e-mail password. Could help. You aren't the first to have their Facebook profile hacked.
posted by Salvor Hardin at 11:00 AM on March 15, 2009


I guess I do need to ask a mod to remove the link, thanks rokusan

Roomwithaview, you are right, it was posted as though it was from me.

Also, I have already changed my account passwords.
posted by unclezeb at 11:12 AM on March 15, 2009


Rokusan, I have submitted a request and inquiry to facebook to have the posts deleted from others' accounts/walls and to see what they suggest I do.

I used this page:
http://www.facebook.com/help.php?page=797 and clicked on "Messages or posts were sent from my account, and I didn’t send them."

According to that page:
It is possible that malicious software was downloaded to your computer or that your password was stolen by a phishing website designed to look like Facebook. Please carefully follow the steps provided:

1. Run anti-virus software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove these harmful programs and keep your information secure.
* For Windows:
http://www.microsoft.com/protect/viruses/xp/av.mspx http://www.microsoft.com/protect/computer/viruses/default.mspx
* For Apple/Mac OS:
http://support.apple.com/kb/HT1222

2. Reset password: From the Account Setting page, you will need to create a new password. Be sure to use a different password than you use for other sites or services, made up of a complex string of numbers, letters, and punctuation marks that is at least six characters in length. Do not use words found in the dictionary.

3. Never click suspicious links: It is possible that your friends could unwillingly send spam, viruses, or malware through Facebook if their accounts are infected. Do not click this material and do not run any ".exe" files on your computer without knowing what they are. Also, be sure to use the most current version of your browser as they contain important security warnings and protection features. Current versions of Firefox and Internet Explorer warn you if you have navigated to a suspected phishing site, and we recommend that you upgrade your browser to the most current version. You can also find more information about phishing and how to avoid it at http://www.antiphishing.org/consumer_recs.html and http://onguardonline.gov/phishing.html.

Phishing is an online attempt to trick a user by pretending to be an official login page or an official email from an organization that you would have an account with, such as a bank or an email provider, in order to obtain a user’s login and account information. In the case of a phishing login page, the login page may look identical to the login page you would normally go to, but the website does not belong to the organization you have an account with (the URL web address of the website should reflect this). In the case of a phishing email, the email may look like an email you would get from the organization you have an account with and get emails from, but the link in the email that it directs you to takes you to the above phishing login page, rather than a legitimate login page for that organization.

To prevent your account information from being obtained in a phishing scheme, only log in to legitimate pages of the websites you have an account with. For example, "www.facebook.example.com" is not a legitimate Facebook page on the "www.facebook.com" domain, but "www.facebook.com/example" is a legitimate Facebook page because it has the "facebook.com" domain. When in doubt, you can always just type in "facebook.com" into your browser to return to the legitimate Facebook site.

If you are still unable to access your profile, please send us more information regarding the issue so we can investigate. Please submit your report here.
posted by unclezeb at 11:25 AM on March 15, 2009


Best collection of privacy explainations for facebook while dealing with this:
http://www.allfacebook.com/2009/02/facebook-privacy/

Any other thoughts on who someone might have done this to my account or anything else I should do to prevent it from happening again?
posted by unclezeb at 11:54 AM on March 15, 2009


Any other thoughts on who someone might have done this to my account or anything else I should do to prevent it from happening again?

1) Someone who turns spam popups and botnets into money.
2) a) Don't use PCs that you don't control to login to anything that you care about.
2) b) Don't download shit to PCs that you do control.
2) c) Use a modern browser, disable scripts, and keep your system patched up.
2) d) Don't follow email links; emails are easy to spoof and links are hard to read.
posted by a robot made out of meat at 2:39 PM on March 15, 2009


@a robot made out of mead:

2) a) Don't use PCs that you don't control to login to anything that you care about.
No problem there.

2) b) Don't download shit to PCs that you do control.
Check - big advocate of protecting against mal/ad/spam-ware. Running AVG, Windows Defender, Advanced SystemCare, and regular HijackThis analysis.

2) c) Use a modern browser, disable scripts, and keep your system patched up.
Completely up to date Firefox

2) d) Don't follow email links; emails are easy to spoof and links are hard to read.
Of course, sound advice.

This is why I was concerned - I'm not exposing myself to vulnerabilities in any of the above, more common, ways -- nonetheless someone posted these links to my account. Still trying to figure it out.
posted by unclezeb at 1:11 PM on March 18, 2009


« Older OS X Spotlight annoyance quest...   |  Craigslist HD TV deal..it was ... Newer »
This thread is closed to new comments.