If you get a posting on your Facebook
wall telling you "this is without doubt the sexiest video ever! :P
:P :P" which seems to be accompanied by a video titled "Candid
Camera Prank [HQ]" then don't click on the video: it's a lead-in to

Clicking the link will take you to what seems like a Facebook
application which then tells you that your video player is out of
date – and encourages you to download a file.

If you do, then the same "video" plus link gets posted using your
avatar to all your friends on Facebook – meaning it is spreading

It's not clear at present whether Facebook has acted to halt it. You
should, however, expect that it will mutate in the coming hours/days
(depending on how determined the virus writer is), so it might not
be exactly that message or video frame. The key element in the
attack is that it tells you to download a file.

Sophos, Graham Cluley notes that:
"Judging by the number of messages posted on Facebook, thousands of
people received this attack. If you were one of them, you should
scan your computer with an up-to-date anti-virus, change your
passwords, review your Facebook application settings, and learn not
to be so quick as to fall for a simple social engineering trick like
this in future."

The file seems to install a piece of adware called Hotbar, which
thus generates revenue for the malware writer. (About Hotbar:
"displays a dynamic toolbar and targeted pop-up ads based on its
monitoring of Web-browsing activity. The toolbar appears in Internet
Explorer and Windows Explorer. The toolbar contains buttons that can
change depending on the current Web page and keywords on the page.
Clicking a button on the toolbar may open an advertiser Web site or
paid search site. Hotbar also installs graphical skins for Internet
Explorer, Outlook, and Outlook Express. Hotbar may collect
user-related information and may silently download and run updates
or other code from its servers.")

Microsoft is, separately, strongly encouraging people and companies
to stop using Internet Explorer 6, using the argument that "you
wouldn't drink 9-year-old milk, so why use a 9-year-old browser?"
Though aimed at the Australian market (possibly IE6 has a higher
prevalence there due to some geographical quirk), the arguments for
abandoning IE6 are stronger than ever, and have been repeated many
times – not least on this site (the browser that won't die, why the
NHS can't get its browser act together). And of course it is widely
believed – though so far not confirmed – that IE6 was the vector for
an attack against Google by Chinese hackers at the end of last year.