Virus vs. Hoax (Fancheck on Facebook)

Every now and again there is some new post via Facebook / Twitter / Email about the latest deadly virus which is threatening to attack your PC. Whilst some of these relate to real viruses, the vast majority are hoaxes.

These are often started as a childish prank to see how far they can get the emails forwarded around the world or in an attempt to cause a large load on the servers running the Internet to cause bottlenecks and create a disruption to service. To disrupt emails now takes a lot more than a chain email. Mail servers are much more powerful than in the past, and the amount of traffic these generate is significantly less compared with other Internet traffic. These are however still a major annoyance to people receiving lots of these notifications.

Most of these can be found on the various hoax websites on the Internet:

• Mcafee Hoax list
• Symantec Thread Explorer
• Wikipedia list of hoaxes

Facebook Fan Check

The latest of these is the Facebook Fan check virus. I first saw this a few days ago and whilst it certainly looked like a hoax there was a tiny risk that this could have been a real vulnerability in Facebook. They would not be able to do what is said in the scare stories circulating.

IMPORTANT NOTICE FOR ALL OF MY FRIENDS LIST….The Fan Check Photos app. has a virus, it takes 24 to 48 hours to work through your friends list – Warn your friends! DELETE-DELETE-DELETE & BLOCK!!!! DO NOT TAG ME THANKYOU!!!!!!!!

URGENT FANCHECK IS A VIRUS THAT TAKES 48HOURS TO KICK IN.. EVEN IF YOU ARE TAGGED IN A PHOTO THE VIRUS CAN GET TO YOU.. INFORM ALL YOUR FRIENDS AND DELETE IT ASAP

Normally I would just reply straight away saying that this was false, but for a couple of things.

Facebook applications are not viruses that can generally infect your PC. However if you give access to a Facebook application then they can send posts as you and they can access your personal information (this is listed every-time you are asked if you want to give an application permission). So if it turned out an application was misbehaving then it would be possible for it to access your lists of friends or similar. It is also possible that someone may be able to inject some malicious code but that is far more complicated and would rely on a vulnerability in the browser or plug-in technology.

The other thing is that I could not find any mention of this as a hoax on any of the usual sites. This is because of two reasons, one is that it’s very new and is circulating around the social networking sites faster than the anti-virus companies providing updates and secondly due to Google spamming.

Google spamming

It’s the Google Spamming that seams to be the key trigger here and is the part that sets this virus hoax apart. Searching in Google when this first started gave a list of sites that were owned by the spammers. Some of these had malicious content designed to damage your PC.

So it appears that the danger is not from fan check or any Facebook application, but by googling to find the cause of the problem you can inadvertently download software that is dangerous. This of course applies to any search engine – and Google has already flagged many of the sites that appear to be involved in this scam.

Validation

It’s been late coming, but here are some confirmations that the virus is in fact a hoax.

• PC World Magazine: Sophos: Searches About Fan Check App Can Lead to Malware
• Blogspot Fan Check Virus – social manipulation

Keeping yourself Safe

Firstly in Facebook only give applications access that you trust. You cannot get “infected / attacked / give away information” by just being linked from a friend. The application can only access your lists if you give it access.

Secondly do not run any executable programs from any web sites that you don’t trust.

• Check the website address is correct. The text just before the .com / .co.uk / .org is part of the domain name. So anything.penguintutor.com is part of the penguintutor.com domain, but if someone creates a site called penguintutor.dodgysite.com then this is part of dodgysite.com and nothing to do with the genuine penguintutor.com website.
• Are you familiar with the site?
  You can also install the netcraft toolbar which will give you more information on the sites you are visiting, including a risk rating. Obviously you will only want to install that if you trust the website, or perhaps the website that recommended it [ie. this site].
• If running Linux then it is generally safer to use your distributions repositories rather than downloading from the Internet, unless you trust the site.

Make sure your anti-virus software is running and up-to-date.
If you are using Windows or OSX then you need anti-virus software installed. Linux users are generally much safer from viruses and do not need to run anti-virus (although still need to remain vigilant against other malicious software).
If you don’t already have anti-virus software then you should get some. You can sometimes install one free from your ISP (eg. PC Guard from Virgin Media), you could download the free AVG anti-virus software, or you could buy a commercial anti-virus package from a PC store.

Hopefully this will have given you a bit more information on this virus. I’ll leave it up to you to decide whether to add fan check as a trusted application, but you certainly are not being put in any additional risk just because someone has tagged you in a photo.