support.com tech support community
Facebook Virus via Email - How to Avoid Infection (updatetool.exe)

The Facebook virus authors tried again - and failed - to infect my computer.  Screen shot grabber in hand I've documented the experience to (hopefully) prevent your computer from being infected.  As I've recommended in other blog entries, being observant and following a couple of simple rules will prevent the majority of security attacks from being successful.

How did this attempt begin?  As with many attempts, this started with an email.  Here is what I saw in my inbox:

The title alone made me suspicious - any email that asks you to make account updates, provide personal information or download a file should be treated with caution.  Suspecting a trap I proceeded, paying close attention.  After opening the email I saw this:

This is a bogus email - not from Facebook (although the authors made every attempt to make it look real).  How can I tell?  Apart from the content - which is asking me to update account information - the link connected to the "here" text and Update button doesn't take you to Facebook, but somewhere else.  When I moved my mouse over the links (without clicking) here is what I saw:

http://www.facebook.com.eiye1uf.eu/globaldirectory/LoginFacebook.php?ref=461329269262268964805734619784016454158477943139882248437479228824&email=

Note that the host name of this link - the part right after "http://" - is "www.facebook.com.eiye1uf.eu".  The domain that was actually registered is the rightmost part, "eiye1uf.eu", a site temporarily purchased and set up by the hackers.  The "www.facebook.com" up front is just a subdomain name they chose; it is there for show and has nothing to do with Facebook.
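The same check done in code, as an added example (not part of the original post): it pulls the host name out of a link, keeps only the registered part at the right, and flags a link whose left-hand labels merely decorate it with a trusted brand.  The trusted-domain list and the "last two labels" rule are assumptions made for this example.

```python
from urllib.parse import urlparse

# Domains that genuinely belong to the brand (assumption for this example;
# a mail filter would load these from a maintained list).
TRUSTED_DOMAINS = {"facebook.com", "fb.com"}


def registrable_domain(hostname: str) -> str:
    """Return the part of a hostname that was actually registered.

    For 'www.facebook.com.eiye1uf.eu' that is 'eiye1uf.eu': everything to the
    left is a subdomain the registrant may name however they like.
    Simplification: keeps the last two labels; production code should consult
    the Public Suffix List so that names like 'example.co.uk' are handled.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_verdict(url: str) -> tuple:
    """Classify a link as 'trusted', 'lookalike' or 'untrusted'.

    Returns (verdict, registrable_domain).  A lookalike is a link whose
    registered domain is NOT trusted but whose hostname still carries a
    trusted brand domain as decoration, exactly the trick in the email above.
    """
    host = urlparse(url).hostname or ""
    if not host:
        return ("untrusted", "")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    # Brand name planted in the subdomain labels or glued on as a prefix
    if any(brand in host.lower() for brand in TRUSTED_DOMAINS):
        return ("lookalike", reg)
    return ("untrusted", reg)


if __name__ == "__main__":
    # The link from the phishing email above (query string omitted)
    phish = "http://www.facebook.com.eiye1uf.eu/globaldirectory/LoginFacebook.php"
    print(link_verdict(phish))                                # ('lookalike', 'eiye1uf.eu')
    print(link_verdict("https://www.facebook.com/settings"))  # ('trusted', 'facebook.com')
```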

General advice #1 - never click on a link in an email requesting you to download a file, update an account or provide login information.  If you need to do any of those things, go directly to the website by typing its URL into your Internet browser.  If something really needs your attention you'll be told when you log into your account directly.

For the purpose of documenting this experience I did exactly what I said you shouldn't do - I clicked.  Here is the website I was taken to:

Notice again that I'm not actually on Facebook's website, but rather a website hosted by a hacker made to look like Facebook's website.  The fake login page is a mechanism to capture your Facebook credentials which will allow the hackers to steal your Facebook contact information and spam all your friends - hoping to infect them as well.

General advice #2 - if you clicked through a link when you shouldn't have and the URL in your browser is something strange... close your browser and restart your computer (just to be on the safe side).

Again, I did what you shouldn't do - but with a fake email address.  Since this website isn't really Facebook the fake email address and fake password I entered were accepted as legitimate.  Here is the next phase of the hacker plot:

Now we're really at the heart of the matter - the hackers want me to download and install "updatetool.exe" - a virus that will likely try to trick me into paying the hackers money.

General advice #3 - if you ignore #1 and #2 please... do not download and run applications (generally files that end in .exe) from websites unless you are very certain the website is the site you think it is and the website is credible.

This is where I did stop - because downloading and running "updatetool.exe" would have infected my computer and, with Halloween around the corner, I don't feel like spending my weekend removing the infection (of course... I could just let my machine get infected and use my support.com subscription but that doesn't seem fair to our Solutions Engineers).

If you read this because you suspect your computer is infected, our Solutions Engineers are one option to get you back to an uninfected state.


Posted Oct 28 2009, 04:51 PM by jamesm@support.com