Facebook Hoax: Facebook will end on March 15th 2012

facebook(low)SophosLabs: Have you seen the news? Maybe your friends have shared it with you.

Apparently, Facebook is going to shut down on March 15th, 2012. Mark Zuckerberg has reportedly found running the site just too stressful.

Here’s the link that many Facebook users have been sharing with each other.


Some worried Facebook users have even been sharing this photograph of a news report about the claimed closure of the world’s most popular social network:


However, before you start wailing and gnashing your teeth, I suggest you read the following:

Q. Is it true that Facebook will end on March 15th?
A. No.

The link being shared points to the website of the Weekly World News. Facebook users in America may be all too aware that stories published in the Weekly World News (WWN) often only have the very loosest relationship with the truth.

megan-fox-170For instance, other popular stories on its website right now include “MEGAN FOX IS A MAN!”, “ALIEN SPACESHIPS TO ATTACK EARTH IN NOVEMBER 2012”, and – a favorite of mine – “CONFIRMED: WORLD WILL END OCTOBER 21, 2011”.

So, maybe you shouldn’t believe them when they say that Facebook is going to shut down its business.

In fact, the Weekly World News’s bogus claim about the end of Facebook, seems to be its most popular story by far with over 22,000 comments from concerned users.

And it’s not even a new claim! You may remember that we went through this ridiculous scare a year ago, when the Weekly World News first claimed that Facebook was going to wind down.

Hoaxes like this waste time, use up bandwidth, and simply underline that many people don’t check their facts before sharing links and spreading news.

The only thing they do serve to do is bring a lot of traffic to the Weekly World News website, which presumably makes their advertising team happy.

Keep your wits about you and stay informed about the latest scams, hoaxes and malware attacks spreading fast across Facebook. One of the best ways to do that is to join the Omid’s TechBlog! Facebook page, where we regularly share information on threats and discuss the latest security news.

US attacks Iran and Saudi Arabia? Malware spreads via Facebook status updates

tank-170SophosLabs: Beware of malware lurking on news websites claiming to containing breaking news stories.

I’ve seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3.

Well, that would certainly get your attention, wouldn’t it?

A typical status message looks like the following:


U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3?

If you visit the link mentioned in the status update, you are taken to a fake CNN news webpage which claims to contain video footage of conflict.


However, clicking on the video thumbnail prompts the webpage to ask you to install an update to Adobe Flash.


Of course, it’s not a real Flash update, but malware instead. Remember, you should only ever download a Flash update from the genuine Adobe website.

The malware – which Sophos is adding detection for as Troj/Rootkit-KK – drops a rootkit called Troj/Rootkit-JV onto your Windows computer. In addition, Sophos detects the behaviour of the malware as HPsus/FakeAV-J.

What isn’t entirely clear at this point is how the message is being shared by so many Facebook profiles. It’s possible that malicious code on users’ computers is sending the message to Facebook without users knowing. To be on the safe side, you should scan your computer with up-to-date anti-virus software and ensure you have the latest security patches in place.

If you use Facebook and want to get an early warning about the latest malware attacks, scams and hoaxes, you should join the Omid’s TechBlog Facebook page.

Yet another Facebook Hoax: ‘New Way Gangs Steal, Rape and Kidnap Girls’

SophosLabs: Facebook users are innocently sharing advice with their online friends about how women can avoid being kidnapped and raped, not realizing that they are perpetuating a hoax.

Here’s a typical message that is being shared, which comes attached to an image of a young woman gagged and tied up in the trunk of a car.



This message is for every Girl Who Goes to college or office alone.If u find any child carrying on road showing his/her address n asking u to take him/her to that address,take that child to police station n plz don't take it to that address . IT IS A NEW WAY GANGS TO STEAL,RAPE and KIDNAP GIRLS .plz circulate to all .don't feel shy to copy This as ur status .

A different version reads:

ATTENTION ALL GIRLS AND LADIES: if you walk from home, school, office or anywhere and you are alone and you come across a little boy crying holding a piece of paper with an address on it, DO NOT TAKE HIM THERE! Take him straight to the police station for this is the new 'gang' way of Kidnap and rape. The incident is getting worse. Warn your families and friends. Repost this please!

So, are rapists really luring victims by using young children who appear to be lost?

girl-crying-170No, says Snopes, which reports that the warning has been spread on the internet since at least 2005.

Snopes further reports that despite scouring media reports, they managed to find no confirmed cases of such a technique being used by attackers.

It therefore feels right to file this warning under the title of “baseless scare”, and ask Facebook users to stop sharing it with their friends.

You can read more about the hoax on the Snopes website.

If you use Facebook and want to get an early warning about the latest scares, scams and internet attacks, you should join the Omid’s TechBlog Facebook page.

Hoax: The Pink Profile Pic Facebook virus hoax

SophosLabs: Have you noticed the profile pics of some of your Facebook friends have acquired a pink tinge?

Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries “keylogger malware” that can spy on your keypresses, and steal your passwords – not just from Facebook, but from online banks you may log into as well.

One warning reads as follows:

ABC News 24 just released a statement about a virus on facebook app that adds a pink tinge to your profile picture to `raise money for cancer`.
Be aware this fake third-party app installs a virus on the machine you used to access the app. Apparently its a keylogger malware that searches for bank details and passwords etc. Facebook allows keylogger in its apps to aid predictive search algorithms, and therefore the virus hasnt been picked up.
Keep a look out for any of your friends who may have fallen victim to this app. Apparently, they should be easily identifiable with a pink tinge to their profile picture.

However, the warning is balderdash. ABC News has released no such warning, the app is not malicious and we have seen no evidence that it contains a keylogger. The truth is that your Facebook friends are doing something positive – helping raise money and awareness for the fight against breast cancer.

Australian bank CUA raises funds every October for Breast Cancer Awareness Month, and this year decided to share an app that would change users’ profile pictures pink to show that they were supporting the campaign.

Remember to always get your computer security advice from a computer security company. Friends may be well-intentioned in passing on warnings, but it’s always good to check your facts before forwarding them any further.

If you want to learn about the real threats on Facebook you should join the Omid’s Blog facebook page, where I’ll keep you up-to-date on the latest rogue applications, scams and malware attacks threatening social network users.

Hoax: Facebook Gold membership for $9.99

SophosLabs: A hoax claiming that Facebook is planning to start charging users continues to spread across the social network, and has now been adapted by mischief-makers into a claim that the service will be free if users forward a message before midnight.

Duped users are sharing the message with their online friends, believing it will help them avoid charges of between $3.99 and $9.99 per month.


It’s amazing what people will believe when they are sent a message from a trusted friend – but let me assure you, Facebook is *not* going to ask you for your payment when you sign onto the site tomorrow morning. And no, the announcement of Facebook beginning to charge its users has *not* been on the news.

As I explained at the end of last week, these claims are complete and utter poppycock. If a friend of yours forwards you the message, admonish them for spreading a chain letter and suggest they inform all of their friends that they were mistaken (maybe they could link to this article if anybody needs convincing?).

Don’t forget you should join the Omid’s Blog Facebook page, where we not only debunk hoaxes and chain letters, but we also keep you up-to-date on the latest rogue applications, scams and malware attacks threatening Facebook users.

Christmas Tree app virus hoax spreads on Facebook

Thousands of Facebook users are warning each other about a Christmas Tree virus said to be spreading in the form of a rogue application on the social network.

The only problem with this warning? It’s utterly bogus.


Here’s a typical message being shared widely on Facebook:

WARNING!!!!!!.....DO NOT USE THE Christmas tree app. on Facebookplease be advised it will crash your computer. Geek squad says its oneof the WORST trojan-viruses there is and it is spreading quickly.Re-post and let your friends know. THANKS PLEASE REPOST!

Users believe they’re doing the right thing when they share warnings like this – but unfortunately they haven’t checked their facts. Although anyone could at any time create a rogue application with the name “Christmas Tree” of course, we’re not aware of any malware which uses this disguise.

Furthermore, since when was Geek Squad a reliable source for information about new malware? Wouldn’t you be more sensible to check with an established anti-virus company? A legitimate warning would at the very least have included some links to further information – such as a statement on Geek Squad’s website.

Ironically, the hoax is probably spreading much faster than any of the genuine commonly encountered Facebook viruses at the moment.

Please don’t share virus warnings with your online friends until you have checked them with a credible source (such as an established computer security company). Malware can be killed off fairly easily, but misinformation like this can live on for months, if not years, because people believe they are “doing the right thing” by sharing the warning with their friends.

If you’re a regular user of Facebook, be sure to join the Omid’s Blog! page on Facebook to be kept informed of the latest security threats.

PS. Those of you very long in beard may recall that in the late 1980s there was a real virus called “Christmas Tree” (also known as “CHRISTMA EXEC”). It displayed a crude picture of a Christmas Tree using the ASCII character set, and infected computers on IBM’s internal network and other systems.

However, as this was way back in 1987 I’m pretty confident that this hasn’t inspired the latest scare on Facebook!

A Virus Is Coming! Tell All Your Friends!

Email hoaxes are nothing new, dating back at least as far as 1994 with what is widely believed to have been the first email hoax—referred to as the “Goodtimes virus” or the “Goodtimes virus hoax” after the subject of the email. The message in the early version was short and to the point, advising recipients not to open email messages with the subject “Good Times” because doing so would ruin their files. This, of course, was not true, but in cases where the recipient complied with the warning, it obviously had the effect of ruining their chances of actually reading any legitimate email messages with that very subject.

Before email, normal postal mail (known fondly by many as “snail-mail”) chain-letter hoaxes regularly did the rounds, and sometimes still do even today. The difference between a simple hoax and a chain-letter hoax is that the latter encourages the recipient to forward the letter or email on to others, usually family and friends. Sometimes the hoax email claims that something good will happen to the sender if they send the letter on to at least 5 or 10 or 15 or 20 people, whereas others take the darker path of sternly informing the recipient that failing to forward the message to others will result in something bad happening. This could be illness, loss of income, the sky falling, or whatever the case may be (insert evil consequence here). Of course, both the “carrot” and the “stick” versions prey on people’s natural desires for good things to happen in their lives, and their equally natural desire to prevent or avoid “bad luck.” I’m sure most people don’t truly believe that something bad will result if they fail to forward the message, but many people are superstitious and probably take the view, “Well, it can’t hurt, so just in case…”

A minor variation of one particular hoax that dates back to at least 2006 (and possibly before) has recently resurfaced and is scaring people once again. The email looks like this:

Screen shot 2010-05-03 at 11.58.19 PM

Now, if you happened to get an email like this in your inbox, how would you be able to tell if it was a hoax or not? Personally, the first thing I would do is to use my preferred search engine to look up some of the characteristic words or phrases in the message. An example of this is pasting the words “Symantec POSTCARD FROM HALLMARK hoax” into a search, which returns a list of results. The subject line is different, but the contents of the message are almost identical, which is a clear sign that the email is indeed a hoax. Replace the word “Symantec” with any other organization listed in the message (CNN, Microsoft, Snopes, etc.) and the search results will provide a solid indication that the email is a hoax. While it only takes a few seconds, to be perfectly honest I don’t believe a search is even necessary in this case, nor in many others. An easier and faster way of determining whether the email is a hoax or not is to simply consider the content of the message. Any of the following phrases should immediately ring alarm bells to the tune of “this has fake written all over it”:

“Get this E-mail message sent around to your contacts ASAP”
“This is the reason why you need to send this e-mail to all your contacts.”

Put simply, if you receive an email warning of impending doom and urging you to forward it on to friends and family, it’s probably, almost certainly, practically guaranteed to be a hoax.

Please note that Symantec products do not detect these hoaxes, because by definition they don’t contain malicious code—they are simply misinformation and an annoyance. If an email did in fact contain a malicious attachment or other malicious code, it would not fall under the definition of a hoax and would be appropriately categorized as a threat.

So my advice is this: if you do get one of these hoax emails in your inbox, before you forward it to all members of your extended family, friends and acquaintances, stop and have a think about it first. What do your instincts tell you? Do you really believe it’s genuine? If not, delete it. If you’re still not sure, use a search engine to see what information you can find on it—in many cases you don’t even need to open any of the links to get what you need. The few lines under each result can be very informative (after all, we all know how easily search engines results can be poisoned these days, so why open them if you don’t have to?). And after all that, if you’re still not sure, consider this:

Most people who forward on these chain-hoaxes—for want of a better term—do so from a combination of fear and of wanting to help others (and hopefully be rewarded with thanks for doing so). But what if the email contained a real, disguised virus—a virus for which no security vendor yet had a solution? A virus that really was programmed to “burn the whole hard disk C of your computer” just after you forwarded the email on to all your contacts. And imagine the same thing happened to those contacts. Would they thank you then? Probably not.

BlackBerry Messenger the new vehicle to distribute Hoaxes?

I received an interesting IM from a friend via BlackBerry Messenger [BBM] this weekend. She was worried that it could do damage to her shiny new BlackBerry and, as she knew I work for [a security company], she forwarded it to me for my opinion.

As soon as I read it, I knew it was a hoax and told her just to delete it.

It didn’t really surprise me that these Hoaxes are now being spread via BBM as the devices are becoming increasingly popular. I’m sure all of you have received the usual one via E-mail about a Virus which burns the whole hard disc C of your computer , well now I believe you will be seeing them on your BlackBerry.

I don’t want to take the usual route of blaming Social Networks sites but I believe they are the cause for this new wave of Hoaxes. The problem with Social Networks is that it enables almost anyone to be able to add you on several different IM’s by just visiting your page if you do not set your privacy settings correctly.

The new BBM also enables you to add new users by taking a picture of a barcode which is uniquely created for your BlackBerry pin. This makes it incredibly easy for people who you don’t know to add you to their contact list, which leaves you open to receiving more Hoaxes or Spam messages.

I have personally seen lots of these barcodes on several Social networks and forums and warn those who read this blog not to do the same and only share their PIN with contacts they trust.

Users should be careful who they accept as contacts, as you may start to see a lot more of these Hoaxes or even Spam in your BBM inbox.