
Wednesday, July 30, 2014

Google: "Your Computer Appears to Be Infected" This Warning is Not a Scam, But, Beware of Where it Shows and What May Come Next





Google's Virus Warning is NOT a Scam, But, Look Out for Future Postings, They May Be Look-alike Scams


By Cesar Ortiz - (Article first published in Yahoo! Contributors/ABC News). This article is based on a Google blog posting. The issue has been covered as a news item in many publications, including my own blog and my own article published worldwide on Yahoo!/ABC News. In this opinion piece I express my concern about what will come next as a result of Google raising the subject in the way they did. In other words, Google is using the same procedure that scammers use every day to get users to click through to malware, but this time the link they click leads to a real help page. Scammers will copy the virus warning and hit users with a malware link instead of a help page.

We received a Google Blog posting from Damian Menscher, a security engineer at Google, describing how he identified that infected computers were sending search traffic through proxies to the search engine. When you do a search, the malware sends you to a Google proxy IP and then, just before the search is performed, changes the search string and shows malware pay-per-click sites in very "professional looking" graphics to trick you into thinking that you are going to legitimate sites.

Mr. Menscher explains the following: "As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or 'malware.'"

Google added that "As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results. We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections."

This is a first for Google; they had never done this type of notification before. The notification will ONLY show at the top of the main Google page, and it will be a page-wide window with a black bar at the top. A similar black bar was seen recently when Google was testing the launch of its Google+ service. The body of the window is yellow and it will read, in black letters:
"Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this [Link]"

This message is for real. More than two million computers have been infected worldwide so far. If you receive the message, Google has detected that your PC is infected with malware that appears to have gotten onto users' computers from one of approximately a hundred variants of fake antivirus, or "fake AV", software that has been in circulation for some time. This time, one of the variants uses the Google service to scam users, which prompted Google to step in. When users click on the "Learn how to fix this" link, they are taken to a real Google page that will help them get rid of the AV virus.

Up to now everything is running smoothly, but now comes the catch. We know that scammers will design or copy the warning window that Google has been running since July 21, 2011, and that the "Learn how to fix this" link in the fake window will send users to a scam malware page. We can expect Google to make sure that no one is able to insert a fake message in place of the real one that they are posting in good faith, but no one can prevent hackers from inserting a fake look-alike window, with a malicious link, somewhere else, including on a full fake Google main page.

Users must check that when they connect to the Google main page the address bar shows the proper address, such as http://www.google.com/. There will be variants because Google routes users according to their detected geographical location. Make sure your antivirus software is up to date and running in real-time mode, and be aware that Google will post this warning message ONLY at the top of their main page. If it shows somewhere else, it is a scam, no matter how real it may look.
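The address-bar check described above can be written out as code. This is an added example, not part of the original article: the function name, the small allow-list of Google country domains and the sample URLs are all constructed for illustration.

```javascript
// Added example: decide whether a URL really points at a Google main page,
// the way a careful user reads the address bar.

// Constructed sample allow-list. Google operates many more country domains;
// anyone reusing this would maintain their own vetted list.
const GOOGLE_DOMAINS = new Set([
  "google.com",
  "google.co.uk",
  "google.de",
  "google.com.mx",
]);

function classifyGoogleUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { trusted: false, reason: "unparseable" };
  }

  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { trusted: false, reason: "scheme" };
  }

  // In "http://www.google.com@host/" the familiar name is only the userinfo
  // part; the browser connects to whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "userinfo" };
  }

  // The URL parser lower-cases the host and converts non-ASCII labels to
  // punycode ("xn--..."), which exposes look-alike Unicode letters.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode" };
  }

  // The warning only appears on the main page, so accept just the bare
  // domain or its "www." host. Compare whole labels, never substrings.
  for (const domain of GOOGLE_DOMAINS) {
    if (host === domain || host === "www." + domain) {
      return { trusted: true, reason: "main-page-host" };
    }
  }
  for (const domain of GOOGLE_DOMAINS) {
    if (host.endsWith("." + domain)) {
      return { trusted: false, reason: "other-subdomain" };
    }
  }
  return { trusted: false, reason: "unlisted-host" };
}

// Constructed sample URLs (reserved example names and addresses).
const SAMPLES = [
  "http://www.google.com/",
  "http://www.google.co.uk/webhp",
  "http://www.google.com.security-check.example/",
  "http://www.google.com@192.0.2.10/",
  "http://evilgoogle.com/",
  "http://sites.google.com/site/page",
  "http://www.g\u043e\u043egle.com/", // Cyrillic "o" in place of Latin "o"
];

for (const sample of SAMPLES) {
  const verdict = classifyGoogleUrl(sample);
  console.log(verdict.trusted ? "OK  " : "SCAM", verdict.reason, sample);
}
```

Only the first two samples pass; every other one contains the text "google" somewhere but resolves to a different host.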

Facebook “Eat for Free at Pizza Hut!” Internet Scam is Spreading Virally


By Cesar Ortiz - (Article first published in Yahoo! Contributors/ABC News) Thousands of Facebook users are receiving the message "Eat for Free at Pizza Hut!" from one of their friends, who unwillingly posted this scam message to all his or her friends. The scam leads to at least one "Work at Home" advertisement that is designed to steal a user's personal information. The scammers change the contact link so fast that when we ran a test, several pay-per-click and user-information-request schemes showed up, but all of them use the "Free Pizza Hut Eat for Free" scheme. Users that fall into this trap receive the following message:

Beginning of quote
Eat for Free at Pizza Hut!
[LINK] changes to avoid facebook ban detection

Take advantage of this special Pizza Hut offer! Receive a FREE pizza coupon today! Act quickly before the supply runs out. With only a few coupons left, they'll go fast!
xx minutes ago
End of quote

The scammers went with very professional-looking Pizza Hut logos and graphics that will deceive someone who is in a hurry, doesn't read security blogs to know what is ahead, or is not very suspicious of scams. Users who receive this message from one of their friends will be taken to a very professional-looking web page with a super pretty Pizza Hut logo that explains "that the offer will expire in a certain date or when the remaining xxx offers have been given out!".
In the same graphic, users are then presented with a two-step option:

Step 1 is to click the "Share" button. At that point victims are sending the scam to all their friends, thereby propagating the scam all over the Internet.
Step 2 is to type "The greatest food!" in the "comments" window. Doing this redirects your browser to a third-party page (pay-per-click money for the scammers). Users are then taken to a "Work at Home" advertising page where, before you make "Tons of Cash", you have to give the following data: First Name, Last Name, Address, Country, State, City, Postal Code, e-mail and Phone. After you provide all the information, there is no more communication from the web page and, of course, there is no free Pizza Hut offer. As the saying goes, "There is no such thing as a free lunch."

What the scammers do with all the personal information provided is anybody's guess.
Users who fall into this trap should take the following steps:
(1) Remove any related items from your Facebook newsfeed wall page.
(2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly.
(3) Run your Anti-Virus in full mode and set it to real-time scanning.

Opinion by the author - Facebook bans scamming addresses (URLs), but scammers change them so fast that it is very hard to keep up. Incidentally, someone is using the Pizza Hut logo in an illegal scam all over the Internet. Where is Pizza Hut, or its parent company Yum! Brands, Inc., the world's largest restaurant company? There is no mention of the scam on the Pizza Hut Facebook page. At the least, they could publish a disclaimer or a warning regarding the scam. They surely have the money to hire resources to track the people using their trademarked logo in illegal Internet scams. Are they waiting for someone to sue? If someone used the Pizza Hut logo illegally in a newspaper or a media outlet outside the Internet, it would be a matter of hours before an army of Yum! Brands, Inc. lawyers jumped into action. Why not do the same when it is on the Internet? Pizza Hut and other brands that know that scammers use their trademarks may not be legally bound to do anything, but practically and morally they are.

Thursday, August 18, 2011

Twitter: “ Twitter Might Start to Charge in October, Sign This Petition to Keep the Service Free ” Scam is Spreading Fast

By Cesar Ortiz
In this variation of the “scares” scam, hackers are attempting to steal your user name and password, and in turn your private credentials, and in effect take control of your account for hidden criminal actions. Users will receive a message from one of their friends passing along the “news” of a possible monetary charge for the social service. The hackers use social engineering: they are careful not to mention a final decision to charge, only that there is a “possibility”. Users will think that there is no harm in signing such a petition. The research firm Sophos originally warned of the scam. In the scam scenario, one of your friends who has already fallen for the scam will unknowingly send you a post that says:

"Twitter might start to charge in October, sign this petition to keep the service free! -URL- http:/bitly.zxxx[Link]”

Let’s pretend for a moment you are the victim user. When you click on the short link to access your petition, a problem “appears” to happen. You are then presented with a very professional, Twitter-looking frame with logo and perfect colors and typefaces (a fake). In the window you are warned that your session has timed out and that you need to "re-authenticate" and log in again. Users will “need” to proceed and type their user name and password in the fake Twitter window. As soon as the user clicks the login button, a hidden script will send the same scam message to all his or her friends, thereby propagating the scam. The same script will record your credentials.

Needless to say, the “petition” is not shown anywhere. Unsuspecting users that clicked the short link may expect that many other unknown actions will take place from that point on, since the criminals have the user name and password. Users who fall into this trap should move quickly and do the following:

(1) Change your password immediately.

(2) Go to the Twitter website, using a PC if you can, and revoke any application with a name related to the scam, and revoke and delete any unknown posts, photos, APIs, friends or anything else that does not look familiar to you. Remember, the scammers had full access to your account and a malicious script can create and post anything using hidden malware. Be on the lookout for scam e-mails and scam phone calls. Take your time on this task. Twitter is aware of this scam and is taking measures to block it, warn users and mitigate the damage, but scammers will change the location of their DNS servers and URLs very fast to keep the scam alive.

(3) Notify your friends of the scam and help them clean up the mess, make sure that you mention that you did not send the scam related post willingly, but rather unknowingly.

(4) Run your anti virus in full scan mode and make sure you set the anti virus program menu to "Real Time" scan.

Saturday, August 6, 2011

Facebook: “ This Girls Must Be Watch Out Of Her mind After Making This Video " Scam Uses Photo Tagging. U.S. Law Does Not Require a User's Permission to Be Tagged

By Cesar Ortiz
This scam is spreading virally on Facebook. The syntax errors and improper use of English in the title are deliberate: the scammers use them to fool scam-detection robots. This is a variant of the “This Girl Must Must Be Watched” scam theme widely used on Facebook. In the scam, you receive a video with the title above from one of your friends. The video shows a semi-sexually-explicit image. Because it comes from one of your friends, you wonder what is in the video and click the “Play” arrow. The friend's video has been tagged by a malicious scam script, so the video appears to come from him or her. In reality, your friend did not send you the video on purpose; a malicious scam script tagged his or her name to the video and originated the post. The same scam will be sent to all his or her friends, and you will activate the malicious tagging script if you click on the video. Users who click on the “Play” arrow will be taken to a permission screen before “seeing” the video. In that permission screen, users will be granting the following to the scammers:
(1) “Access my basic information” (2) “Post to my Wall” (3) “Access my data any time” (4) “Access my photos and videos”. When all is done, there is no video anywhere.
In other words, the user has given a scammer total control of his or her account, including control of video tagging. The malicious script manages to tag the victim's name to the friend’s porno video post. Facebook will notify you when a friend tags you, but not by default. It would be much better and safer if you were notified by default and asked to approve the tag before Facebook accepts it. That is not the case at this time. Incidentally, even when done in good faith with no scam involved, the law does not require the person being tagged to be asked. This subject has been covered fully by Sophos IT Security experts. Please see the example below:
(Beginning of Judge Opinion Extract)
“Jessica J. Lalonde v. Adam N. Lalonde case at the Commonwealth of Kentucky Court of Appeals. The opinion of the court was delivered by: Lambert, Senior Judge Rendered: February  25, 2011; 10:00 A.M. by Lambert, Senior Judge. Jessica J. LaLonde appeals from that portion of a decree of dissolution of marriage that confirmed the report of the domestic relations commissioner and awarded her joint custody of a minor child but granted physical custody of that child to her former husband Adam N. LaLonde.

Jessica first argues the commissioner's decision was partially based on improperly admitted evidence. Adam introduced pictures of Jessica taken from the social network site Facebook. These pictures in general display Jessica enjoying parties and apparently consuming alcoholic beverages against the advice of her mental health treatment providers. Adam argued she had obviously not been truthful with her treatment providers when she indicated she had suspended or significantly diminished her consumption of alcohol. Jessica additionally argues that because Facebook allows anyone to post pictures and then "tag" or identify the people in the pictures she never gave permission for the photographs to be published in this manner.

 
Demonstrative evidence such as these pictures must be supported by sufficient evidence to support a finding that the pictures are an accurate representation of what is claimed. Kentucky Rules of Evidence (KRE) 901(a). While typically, such supporting evidence is the testimony of the person who took the picture that it accurately depicts the reality of the photographed situation that is not the only manner to authenticate a photograph. Authentication only requires “testimony that a matter is what it is claimed to be." KRE 901(b)(1). Here, it was Jessica herself who acknowledged that indeed, she had been drinking alcohol and the pictures accurately reflected that activity. That testimony was sufficient to authenticate the photographs and they were properly admitted into evidence”.

(End of Judge Opinion Extract)

Users who were affected by this scam must take the following steps to remove the hack:

(1) Remove the subject messages by clicking on the small “x” to the right of the message; this stops the scam from spreading to your friends.
(2) Remove any related application, such as “This Girls Must Be Watch Out”, in “Profile Information”, “Privacy settings”, “Application websites”.
(3) Make sure you notify your friends that you were infected so that they can clean up their own accounts.
(4) Change your Facebook password immediately.
(5) Run your Anti-Virus in full scan mode.

Tuesday, August 2, 2011

Twitter: iTunes Gift Card Scam Moves From Facebook to Twitter

By Cesar Ortiz
A variant of the familiar Facebook Free iTunes Gift Card scam that we covered in this blog on July 6, 2011 is back, but it is now spreading virally on Twitter. The scam begins when users receive messages from their friends with enticing text offering free iTunes Gift Cards. The messages from the unsuspecting friend, who is already a victim, read like the samples below:

(Beginning of quote)

i have got,get yrs free iTunes Gift Card giveaway today [LINK]
wow,iTunes Gift Card got just today free lol [LINK]
awesome lol,today got iTunes Gift Card [LINK]
Your Chance to choose Your Best iTunes Gift Card [LINK]
Find out how to get a iTunes Gift Card! [LINK]”
(End of quote)

Unsuspecting users who click on the friend’s message about the “Free iTunes Gift Card” will trigger the scam hidden script immediately. According to security researchers, all of the scams will show a profile of a pretty female photo, at times wearing very few clothes or a bikini. The very professional looking window will tempt users to follow the lady, sometimes called Milda Fountaine or Lucy Adams with interesting feeds of tweets like quotes of the day, but inserted in the feeds is one that says:
 “[Blue letters link] Milda Fountaine2-Milda Fountaine awsome lol  today got iTunes Gift Card
xx minutes ago"
Users who click on the blue link before the Milda name in the hope of receiving a free iTunes card will immediately send the same message they just received to all their friends, thereby propagating the scam. After clicking the blue link, users will receive an enticing advertisement or form tailored to the user's country and city. It could be an offer for a Friends Club, Dating Club or any male-oriented “pay per filled form” site that unsuspecting or shady merchants contract the scammers for. If you clicked to “Follow” Milda Fountaine, you have given the scammers permission to play with and even hack your Twitter account. Another option is to flood you and your friends with scam offers. Please be aware that a malware link (virus, password or credit data hacks) can be inserted anywhere in the scam, creating a more serious problem. There is no free iTunes card anywhere.

To remove this hack from your Twitter account:
(1) Go to the Twitter website and log in to your profile.
(2) Click on your user window pull-down arrow at the top right of the menu, where your thumbnail picture is.
(3) Select “Settings”.
(4) Select “Applications”.
(5) “Revoke Access” to any related scam application (if any).
(6) Delete all related tweets.
(7) Contact and help your friends to clean up their accounts.
(8) Run your Anti Virus in Full Scan mode.


Saturday, July 23, 2011

Facebook Amy Winehouse Leaked Video Scam Spreading Fast Worldwide

By Cesar Ortiz
Just a few hours after the unfortunate death of singer Amy Winehouse, insensitive money-driven scammers have begun to circulate a malware scam in which they claim to have a bad-taste video of the singer. We hate to publish the text of the scam, but we have to in order to warn users not to fall for it. Reality is reality, and there are some bad souls out there in the social media field that mean to do harm, especially when tragedy strikes.

The scam will show the following window from one of your friends in your Facebook Newsfeed:

A real-looking Facebook window and links with a sepia-green tone picture of what appears to be the late singer. The window shows the following:

 Amy Winehouse is dead!!!
Leaked Video!! Amy Winehouse On Crack hours before death
[Link]
Amy Winehouse getting high on crack just hours before she died
Xx hours ago

Another variant of the scam, with a gross picture, will say:

“Video leaked of amy winehouse's death!!! Warning: Graphical Content.
[LINK]
Amy Winehouse OVERDOSE VIDEO LEAKED! - RIP AMY”


When unsuspecting users click on the “Share”, “Comment” or “Like” link, the malware will immediately send the same "Leaked Video" message received by the user to all his or her friends, thereby propagating the scam. The next step in the scam is another window that asks users to complete a survey before they see the “video”. When users complete the survey they are sent to a fake nondescript page that shows nothing, of course. This is where the scammer gets the money: unscrupulous or unsuspecting merchants will pay scammers per completed survey. The survey is one route the scammer will take. Other options are more dangerous and will change fast, like signing up for expensive alert plans, two-dollars-per-minute calls, cellular scams and outright fraud.

To clean this mess, victims should do the following:

- Go to your Facebook page, select your “Newsfeed” and delete the related post by clicking the blue “X Remove Post” button to the right of the Amy Winehouse Leaked Video entry. The button will show when the mouse cursor is moved around the top right margin of the post.

- Notify your friends to follow the same steps.

I urge users to please report this ugly scam directly to Facebook:

(1) Go to the Facebook website. Log into your account with your username and password.
(2) Click on the "Messages" link in the left navigation pane.
(3) Click on the message that you want to report as spam.
(4) Click on the "Actions" drop-down box. Choose "Report as Spam" from the list of options.
 (5) Click the "Report as Spam" button to confirm.

Thursday, July 21, 2011

Google: “ Your Computer Appears To Be Infected ” Warning is Not a Scam, but, Beware Of Where It Shows And What May Come Next

On July 21, 2011, Google's own Blogger page carried an article signed by Damian Menscher, a security engineer at Google, describing how he identified that infected computers were sending search traffic through proxies to the search engine. When you do a search, the malware sends you to a Google proxy IP and then, just before the search is performed, changes the search string and shows malware pay-per-click sites in a way that leads you to think that you are still on the real Google.

Mr. Menscher explains the following “As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.” As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results. We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections”

The notification will ONLY show at the top of the main Google page, and it will be a page-wide window with a black bar at the top. This same bar was seen recently when Google was testing the launch of its Google+ service. The body of the window is yellow and it will read, in black letters:

“Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this [Link]”

This message is for real. More than two million infected computers have been detected worldwide so far. If you receive the message, Google has detected that your PC is infected with malware that appears to have gotten onto users' computers from one of roughly a hundred variants of fake antivirus, or "fake AV", software that has been in circulation for a while. This time, one of the variants uses the Google service to scam users, which prompted Google to step in. When users click on the “Learn how to fix this” link, they are taken to a real Google page that will help them get rid of the AV virus.

Up to now everything is running smoothly, but now comes the catch. We know that scammers will design or copy the warning window that Google has been running since July 21, 2011, and that its “Learn how to fix this” link will send users to a malware scam trap. We can expect Google to make sure that no one is able to insert a fake message in place of the real one that they are posting in good faith, but no one can prevent hackers from inserting a fake look-alike window somewhere else, including on a fake Google main page.

Users must check that when they connect to the Google main page the address bar shows the proper address, such as http://www.google.com/. There will be variants because Google routes users according to their detected geographical location. Make sure your antivirus software is up to date and running in real-time mode, and be aware that Google will post this warning message ONLY at the top of their main page. If it shows somewhere else, it is a scam, no matter how real it may look.

UPDATE By the Author August 31, 2011

Update-August 29, 2011 Researchers evade Google redirect notice
Staff Report: SC Magazine-


http://www.scmagazineus.com/researchers-evade-google-redirect-notice/article/210774/

Researchers evade Google redirect notice "The Burmese YGN hacker group on Sunday detailed a URL redirect vulnerability that bypasses Google's notification to users that they might be visiting a malicious site. The flaw exists in the way that Google checks redirected URLs against a blacklist of known malicious web sites.
The attacker would send a victim a proxy server link which redirected to a malicious URL and, when clicked, would verify if the landing website was blacklisted by Google, researchers said. If it was, the server would generate a second malicious URL to infect users."

This is exactly what I predicted in the article above on July 23, 2011.

Monday, July 11, 2011

Facebook “ Leaked Video of Casey Anthony Confessing to Lawyers “ Scam is Spreading Virally

 
By Cesar Ortiz
Crooks and criminals don’t care how they make money, even when a small child has been murdered. This fast-spreading scam (thousands per hour) promises a “leaked” video of Casey Anthony confessing to her lawyer. Casey Anthony was found not guilty last week in a landmark criminal case in the USA that provoked unprecedented public reaction. It was a matter of time until the scammers attempted to profit from this sad event.

Victims will receive a message from one of their friends with a picture of a sad Casey Anthony and to the right of the photo, the following text:

“BREAKING NEWS - Leaked Video of Casey Anthony CONFESSING to Lawyer!
mabwoo.info

Click To See - She can't be re-tried, double jeopordy.. OJ all over again!

X minutes ago…”

Let’s pretend for a moment that you are the victim. If you make the mistake of clicking on the blue “BREAKING NEWS” link at the top, you will immediately and unwillingly begin sending the same message you received to all your friends, thereby spreading the scam. As the next step, you will be taken to a very Facebook-looking blue and white “Age Verification Screen” that says “ Are you older than 13 years of age? Click “jaa” bottom 2x to confirm and play video. By clicking jaa you certify that you have at least 13 years and that you do not violate the Terms of Service”.

Suspicious users will wonder where the “jaa” button is. Jaa means “Share” in Finnish. The crooks want to spread the scam as widely around the world as possible. There is no “jaa” button, but there is a “Play Video” button, so many will opt to see the video nevertheless and click on “Play Video”. A YouTube-looking screen will come up with another fake, Facebook-looking “Verify Your Age” pop-up. This time the scammers want you to “verify your age by taking one sponsored survey that will only take 30-45 seconds and the chance to win a Toys R Us Gift Card! Or a FREE 500 gift card to spend at Argos”. A real survey will show up, and the scammers make money at this point. At the end of the survey you are taken to a news report page that says that Casey Anthony was found not guilty of murder. Deception all over the place. Many will ask whether the owners of the surveys are aware that users are taking the surveys through trickery and deception. We don’t know.

To clean this mess, victims should do the following:

(1)  Go to your Facebook page and select your “News feed” and delete the related post by clicking the blue “Remove Post” button.
(2)  Notify your friends to follow the same steps.






Wednesday, July 6, 2011

Facebook “ Free Apple iTunes $25 Giftcard “ Scam Spreading Virally

Thousands of users worldwide are being taken in by this scam, whose only purpose is to earn money for the scammers. There is no free lunch anywhere, let alone the “free Apple $25 iTunes Giftcard”. Victims are taken to real surveys that pay the scammers money. The scam runs as follows:

Victimized users are posting messages in their walls that read:

“Free $25 Apple iTunes Giftcard
Bonusitunesgiftcard.blogspot.com
Limited time left, get yours now!”

Let's assume that you are the victim. When you click on the blue “Free $25 Apple iTunes Giftcard” link, you are taken to a webpage with an official Apple “man with the iPod” logo that urges you to follow two more “easy steps”. Remember, you already clicked on one link (step 1). The second step is to click on an official Facebook “Share This” button to get your free card. When you click on step 2, you are presented with a window with an image of the real Apple $25 Giftcard and a blue Facebook “Share this link on your own wall” button. When the button is clicked, the Facebook interface will immediately send the same message you originally received to all your friends, thereby propagating the scam.

The “last” step to “get your card” is step 3. Now you are presented with a window with real Apple logo imagery so that you may think the “free card” campaign is endorsed by Apple. When you click on the blue “finish by taking a survey” button, you are presented with a professional-looking window that even has a “need help?” option. This window has a locked key image and is titled “Content Locked”. At this point users should be suspicious: you followed three steps and no Giftcard yet?

Users are then told to select from three “offers” from winning an iPhone, a Mercedes or a Gucci shopping spree. You are then taken to a survey that could be on any subject. No one ever has received anything for taking the survey. What can you expect when you are taken by deception to a survey? As stated above, the surveys are real; therefore the scammer gets money for each survey taken.

To clean this mess, victims should do the following:

(1)  Go to your Facebook page and select your “News feed” and delete the related post by clicking the blue “Remove Post” button.
(2)  Notify your friends to follow the same steps.

Sunday, June 19, 2011

Facebook “ The president is finally taking charge!! !" Scam Spreading Virally

By Cesar Ortiz
In this malicious attack, scammers are after your Facebook user name and password. Since the scam is spreading at an alarming rate and thousands of Facebook users have fallen into the trap, the scammers will make thousands of US dollars by selling the user names and passwords in bulk. The going price for a single Facebook user name and password on black market bidding web pages fluctuates from $1.50 to $1.75.

The scam begins with a very “Facebook looking” message from one of your friends, already a victim of the attack. The message looks like a YouTube video of President Obama at a press conference. At the left of the message is a photo of the president framed by a YouTube interface with all the video controls showing. The text reads as follows:

“The president is finally taking charge!!

statistics.mit.edu (Link)

Is this is really for real?”

The image looks like a thumbnail, but if a user clicks on it, the following events happen behind the scenes (please assume you are the victim): a malicious script redirects you to a real MIT webpage, and you are immediately and automatically taken to a very professional-looking, but phony, Facebook login page. This page is designed to steal your username and password. In the background, the malicious script is also sending the same message you received to all your friends, thereby propagating the scam. Your user name and password are stolen the moment you click the blue "Login" button on the fake screen.

By the time you read this post, Facebook will have blocked the original scam addresses, but hackers quickly change to alternate sites to keep the scam alive as long as they can. Anti-virus and malware detection and cleaning software providers will come out with a detection and removal update. All these countermeasures take about a week or more, enough time for the criminals who run the scam to make money.

If you or a friend has been victimized with this scam, the following actions have to be taken. (1) Change the Facebook password immediately (2) Run a full scan, not a quick one, of your anti-virus or malware detection software (3) Notify the friend that sent you the scam (unwillingly) (4) Notify all your friends that you sent them the scam message unwillingly. Since we don’t have the hacker’s scripts, we don’t know what the script will do in your Facebook account. Look for changes in your contents, but most of all, run the anti-virus and malware detection tools in full mode to detect any malicious script injected in your computer and or Facebook page and change your password immediately.

Monday, June 13, 2011

" VISIT THE NEW FACEBOOK " Scare Spreading Virally in Facebook

This scare does not include any threat, malware, scam or virus attack; that is the reason we are calling it just a scare. At best, it is a waste of time and resources. That said, since it has been spreading in the wild at alarming proportions, some scammer will take the hint and modify the contents of the message to include a malware attack. The Facebook message looks like this:


(Beginning of quote)

“Warning!!!

PLEASE RE-POST FOR EVERYONE!!!!!!!!!THIS NOTICE IS DIRECTED TO EVERYONE WHO HAS A PAGE ON FACEBOOK: IF SOME PEOPLE IN YOUR PROFILE OR YOUR FRIENDS SEND YOU A LINK WITH WORDS "VISIT THE NEW FACEBOOK ' DO NOT OPEN! IF YOU OPEN IT YOU CAN SAY GOODBYE TO YOUR PAGE. IT'S A HACKER WHO STEALS YOUR DETAILS AND REMOVES YOU FROM YOUR OWN PAGE. COPY AND SPREAD THE WORD”

(End of quote)

Neither the leading security labs nor we have found any malware or threat inside this scare. There is no "hacker", no "stealing" or any other damage, so far. Just delete it; don’t pass it along to others.