General discussion

Infected facebook pages

The PC I am working on is a friend's Dell 1545/Vista-32, had no firewall or antivirus etc. Her facebook page is bombarded with htmls like htp://ph3ps.tk, or htp://amtuf.tk (intentionally mispelled) - I have installed Avast, ZoneAlarm, AdAware and most recently Spybot. A number of bugs have been found but the facebook page remains infected. Facebook has been contacted - I'm not sure if I should just try other similar softwares (as noted above) or go in a different direction. The pc is operating normally - the only issue is the facebook page.

Discussion is locked

Follow
Reply to: Infected facebook pages
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Infected facebook pages
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
May not be their system

It may not be their system, but rather someone just spamming via other means. The sad truth is that in the increasingly digital world we need to be MORE guarded with a lot of information, but sites like Facebook encourage people to be OPEN and readily share information. And social networking sites aren't really social in nature, but that's another issue.

Facebook actually makes money by encouraging people to share information. Information that they can then turn around and sell to marketing companies who are quite good at finding ways around pesky privacy policies and building quite detailed profiles about us. It doesn't help that Facebook has about as much a command of the concept of privacy as Microsoft does security.

In any case, my list of tips are more or less the same as they have been for a long time. They're not a magic cure, but they should help head off a great many problems before they ever become problems. If need be, print it out and staple it to your friend's forehead to make sure she reads it. If she's thick skulled, all the better chance the staple won't do any permanent damage.

TIPS FOR A PROBLEM FREE COMPUTING EXPERIENCE
============================================

The more of these suggestions you follow, the fewer problems you should have. They won't solve any existing problems you have, but if you follow them all you should be able to avoid virtually all problems in the future.

Things you should NOT do
--------------------------------
1: Use Internet Explorer (1)
2: Use any browser based on Internet Explorer (e.g. Maxathon and MSN Explorer)
3: Use Outlook or Outlook Express (2)
4: Open email attachments you haven't manually scanned with your virus scanner
5: Open email attachments you were not expecting, no matter who they appear to be from
6: Respond to spam messages, including using unsubscribe links
7: Visit questionable websites (e.g. porn, warez, hacking)
8: Poke unnecessary holes in your firewall by clicking "Allow" every time some program requests access to the Internet (3)
9: Click directly on links in email messages
10: Use file sharing or P2P programs
11: Use pirated programs

Things you SHOULD do
-----------------------------
1: Use a non-IE or IE based browser (4)
2: Always have an up to date virus scanner running (5)
3: Always have a firewall running (6)
4: Install all the latest security updates (7)(Cool(9)
5: Delete all unsolicited emails containing attachments without reading
6: Manually scan all email attachments with your virus scanner, regardless of whether it's supposed to be done automatically
7: Copy and paste URLs from email messages into your web browser
8: Inspect links copied and pasted into your web browser to ensure they don't seem to contain a second/different address
9: Establish a regular backup regimen (10)(11)
10: Make regular checks of your backup media to ensure it is still good (12)

Being a considerate Internet user & other online tips
----------------------------------------------------------------
1: Do not send attachments in emails (13)(14)
2: Do not use stationary or any other kind of special formatting in emails (13)
3: Do not TYPE IN ALL CAPS (15)
4: Avoid texting speak or "l33t speak" (16)
5: Do not poke sleeping bears (17)
6: Do not use registry cleaners/fixers/optimizers (1Cool(19)

Offline tips and suggestions
----------------------------------------------------------------
1: Avoid buying Acer, HP. Compaq, Gateway, and eMachines computers (20)(21)(22)(23)
2: Avoid sub-$500 systems that aren't netbooks or part of some limited time price promotion (24)

Notes
--------

(1) Sadly sometimes this is unavoidable, so only use IE when the site absolutely will not work with any other browser and you cannot get that information/service anywhere else, and only use IE for that one specific site.
(2) Outlook and Outlook Express are very insecure, and basically invite spam. The jury is still out on Vista's Windows Mail, but given Microsoft's history with email programs, extreme caution is advised. Possible replacements include Mozilla Thunderbird, Eudora, The Bat, and dozens of others.
(3) When it doubt over whether or not to allow some program, use Google to find out what it is and whether or not it needs access to the Internet. Otherwise, denying access is the safest course of action, since you can always change the rule later.
(4) On Windows your options include: Mozilla Firefox, Seamonkey, Opera, Flock, Chrome, and Safari. I would personally recommend Firefox with the NoScript extension for added security, but it the important thing is to pick one and use it instead of IE.
(5) AVG Free and Avast are available if you need a decent free virus scanner
(6) XP/Vista's firewall is probably good enough for 99% of all Windows users, but other options include ZoneAlarm, Outpost Firewall, and Comodo. If you have a router with a firewall built into it, there is no need for any of the aforementioned firewalls to be running.
(7) Microsoft's usual system is to release security updates every second Tuesday of the month.
(Cool Use of Windows Update on Windows operating systems prior to Windows Vista requires Internet Explorer, and is thus a valid exception to the "No IE" rule.
(9) Service packs should ALWAYS be installed. They frequently contain security updates that will ONLY be found in that service pack.
(10) You can go with a full fledged backup program, or simply copying important files onto a CD/DVD/Flash drive.
(11) I'd recommend a tiered backup system. For example, you might have 5 rewritable DVDs, and every day you burn your backup onto a new disc. On the 6th day, you erase the disc for Day #1 for your backup, and so on so that you have multiple backups should one disc ever go bad.
(12) Replace rewritable CDs and DVDs approximately every 3-6 months.
(13) These dramatically increase the size of email messages (2-3X minimum) and clog up email servers already straining to cope with the flood of spam pouring in daily.
(14) If you want to share photos with friends/family, upload them to some photo sharing site like Flickr or Google's Picasa Web and then send people a link to that particular photo gallery.
(15) This is considered to be the same as SHOUTING and many people find it to be hard to read along with highly annoying.
(16) Unless the goal is to make yourself look like a pre-adolescent girl, or someone overcompensating for their gross inadequacies, and you don't want people to take you seriously.
(17) Most REAL hackers are quite content to leave you alone unless you make them take notice of you. No dinky little software firewall or consumer grade router is going to keep them out of your system. So do not go to some hacker website or chat room and start shooting your mouth off unless you're prepared to accept the consequences
(1Cool Most of these programs are scams, and sell you something you don't need. Most of them report non-issues in an attempt to boost the number of "issues". Sometimes using these programs can lead to a non-functioning computer.
(19) The Windows registry is not some mystical black box of untapped performance tweaks for Windows, that will lead to untold improvements in system performance. Most of the tweaks will lead to very modest performance gains of 1-2% tops, and probably less than 10% all combined. There is also a good chance that you will render your system unbootable if you make a mistake when editing. Registry default settings are set that way for a reason. Just do yourself a favor, and forget you ever heard of the Windows registry unless you are a computer programmer/debugger and your job requires knowledge of the registry.
(20) Acer now owns Gateway and eMachines
(21) HP owns Compaq
(22) Hardware failures seem far more common with these brands than can be considered normal
(23) These companies use cheap labor in Asian countries were working conditions are often what would be considered sweat shops, and are run by brutal dictatorships, which you are supporting by buying from these companies
(24) If you just do some simple math, and realize that the cost of individual components like the CPU are around 25-33% of the total retail cost of the system, and everyone involved in the making and selling of the system is looking to make a profit, how much money can they possibly be making on each system. And if you're only making a few pennies on every system, how much quality control do you really think is going to go into the manufacturing process?

- Collapse -
Of they got hit with FIRESHEEP.

Ask them if they used their machine at a free wifi hot spot.

FIRESHEEP is causing many to lose control of their facebook and twitter pages.
Bob

- Collapse -
infected facebook pages

Hi Bob,

The machine is a desktop & is using a wireless connection. After I posted my message, I contacted her and we changed her password from a remote location. I told her that she cannot login in her PC until we the machine is clean. Roughly 3 hours after she changed the password on a remote pc, her facebook was hacked again.

Is it safe to assume that she may not have a virus/spyware rather the issue is an internal issue for facebook?

For the record, her daughter maintains her own facebook acct on the same pc but for some reason(s) her acct has not been hacked.

Thanks for your reply.

Hershel

- Collapse -
Yes. FIRESHEEP can do that.

Did you google FIRESHEEP?

- Collapse -
Infected facebook pages

Hi Bob,

I questioned her about how she is accessing the net. She lives in a condo and is getting "free net" by picking up signals from another router or routers. So, YES given how firesheep spreads, I can easily see why she is perpetually vulnerable. I assumed that she paying for net services.

- Collapse -
The sad news is that this was easy to avoid. I'll share how

1. Use WPA PSK networks. Even free wifi could move to this and all that the free wifi would have to do is post the password.

2. Yes you can wait for Facebook or Twitter and other sites to catch up but today with one change, this would not have happened.

3. Continue to use free wifi but don't do anything you don't have to do.

In closing there will be more and more exploits arriving soon. Open Wifi is dead.
Bob

- Collapse -
mistake

I understand how firesheep operates - didn't mean to use the word spreads.

- Collapse -
Facebook is a "known" security risk

What the browser displays when your friend is logged into Facebook has no relevance to what security applications the computer has.

The problem is in the Facebook web site itself, and your friend's "Privacy" settings. Facebook does not make it easy to change these settings, but it is advisable for her to limit who can see her on it to just relatives, or just relatives and friends.

Here's an article about the Facebook privacy settings;
Sophos's recommendations for Facebook settings.

Mark

CNET Forums

Forum Info