A breathless warning is circulating Facebook that claims a virus is spreading “like wildfire” across the social networking website that asks you to watch a video on YouTube.
The warning actually started spreading in 2010, and is based on a genuine threat. However the warning appears to have been authored by someone with little knowledge of cyber-security, and as such contains plenty of nonsensical jargon and factually incorrect statements.
An example of this warning can be seen below –
THERE IS A VIRUS SPEADING LIKE WILDFIRE ON FB. DO NOT ACCEPT ANYTHING FROM ANY OF YOUR FRIENDS THAT ASK YOU TO WATCH A VIDEO ON YOUTUBE. SNOPES JUST CONFIRMED. IT IS A TROJAN WORM VIRUS CALLED KOOBFACE. IT WILL STEAL INFO, INFEST YOUR SYSTEM AND SHUT IT DOWN. DO NOT OPEN THE LINK. PLEASE REPOST THIS IN YOUR STATUS
COPY & PASTE
Firstly it is important to know that the crux of this message, which warns of a threat that manifests itself in a request to watch a video on YouTube, is genuine. While this isn’t a particularly new type of threat, it can be very convincing and catch out even security-wary users.
The threat involves a victim receiving a message on Facebook that appear to be web address leading to the video sharing site YouTube. A message sent along with the link urges the recipient to open the attachment to see a video. However this link doesn’t lead to YouTube. Instead it is either a phishing scam that leads the victim to a spoof login page that steals usernames and passwords, or it leads to a malware site that will attempt to trick the victim into downloading an installing dangerous software posing as a video update.
We discuss this threat in more detail in our blog post here.
Despite the intention of the author in the warning above, however, this warning is plagued with mistakes and inaccuracies. Firstly, the warning shows its age by mentioning “koobface” which refers to a strain of malware from around 2010 and 2011 that had the ability of stealing social media credentials (and subsequently gaining control of those social media accounts.) The threat is comparatively rarer today as malware classifications have changed; the only times we hear the term ‘koobface’ these days is via inaccurate warnings like the above or from spammy pop-ups trying to lure victims into installing malware disguised as antivirus.
Incidentally, this warning also shows its age by misspelling “spreading” which the original 2010 version did as well.
Additionally the warning mentions the term “Trojan worm virus” which are actually three different classifications of malware. That is to say, there is no such thing as a “Trojan worm virus”. The threat the warning is trying to describe is actually usually a method of phishing scam, but can lead to malware-laden websites – which type of malware specifically can vary.
The warning also opts to make vague and alarmist claims instead of anything resembling a detailed description about how the scam works. Instead of describing what happens if you click a link, the warning instead just claims a “Trojan worm virus” will infest your system and “shut it down”. Not very helpful.
We love it when readers try to warn others about security threats, but hate it when what is actually passed between users is vague, confused nonsense that struggles to barely describe a genuine threat. If you want to warn your friends about the threat this warning is trying to describe, pass them our article about it instead.