So, I’m not entirely sure how it happened (a renegade Facebook application?), but tonight I got a wall post from a friend which said this:
lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these- http://www.facebook.com.profile.php.id.371233.cn
Suspicious already, of course. With my fingers ready to close the tab if anything bad were to pop up, I clicked on the link. It went to a Facebook login page. That’s odd, I thought. And I almost logged in, because I was in Firefox and I usually do my Facebook stuff in Safari, so I figured I didn’t have a Facebook session open in Firefox.
Luckily laziness got the better of me, and I switched back to Safari to try the link. Same thing. Now, I knew I was logged into Facebook in Safari, so something was up. And then I paid a little closer attention to the URL and noticed that it’s completely bogus, leading to some server who knows where. (The .cn at the end is for China.)
And then the goosebumps came. If I had logged in, whoever this hacker was would have my Facebook username and password. I checked my friend’s recent activity listing and found that her account had wall postings for another twenty-five people or so. All of them had the same message and URL. It didn’t attack her whole friends list (she has 133), which is interesting and makes me wonder if this virus is actually human.
You see, all it takes is for the source to write this message on someone’s wall. That person clicks on the link and “logs in” again, and the hacker now has their credentials. The hacker logs in to the carrier’s account and starts going through their friend list, writing the same message on whatever walls they choose. (The timestamps on my friend’s activity report were consecutive but spaced far enough apart that it probably wasn’t a computer — unless you can only post six or seven wall posts per minute.) More people click on the link, and thus it spreads.
If you’ve got a Facebook account and you get that message, don’t click on the link! If it’s too late, then log in and change your password while you still can. (I wouldn’t be surprised if the hacker immediately changed the password with each new victim.)
I feel like this sounds overdramatic, and it probably is (though why anyone would innocently create a fake Facebook login page and *not* want to steal people’s credentials is beyond me). I don’t think this means people need to start bailing ship and deleting their accounts or anything — simple safety measures will be enough. But do be careful.
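The trick in that link is that a hostname is owned from its right-hand end, so `facebook.com` sitting at the left of a name ending in `.cn` says nothing about who runs the server. The check below is an added example, not part of the original post; the function name, the trusted-domain list and the sample URLs other than the one quoted above are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains we expect a real login page to live on.
TRUSTED_DOMAINS = ("facebook.com",)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify the host of `url` as 'trusted', 'lookalike' or 'unrelated'."""
    # urlsplit().hostname drops any user:password@ prefix and the port,
    # so "http://facebook.com@elsewhere.example/" is judged on its real host.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")

    # Genuine: the trusted domain forms the rightmost labels of the host,
    # i.e. the host is the domain itself or one of its subdomains.
    for domain in trusted:
        want = domain.lower().split(".")
        if labels[-len(want):] == want:
            return "trusted"

    # Lookalike: the trusted domain appears as a run of labels somewhere
    # to the left, with other labels after it deciding the real owner.
    for domain in trusted:
        want = domain.lower().split(".")
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return "lookalike"

    return "unrelated"


if __name__ == "__main__":
    samples = [
        # The link from the wall post quoted above.
        "http://www.facebook.com.profile.php.id.371233.cn",
        # Constructed samples for comparison.
        "https://www.facebook.com/profile.php?id=371233",
        "http://facebook.com@login.example.org/",
        "http://example.org/facebook.com/login",
    ]
    for url in samples:
        print(f"{classify_link(url):10} {url}")
```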
