New Facebook Worm Posts Updates Automatically Infecting Friends

OUCH… I just got an update on Facebook from a friend asking what I was doing in a video they saw. I clicked on the link and discovered I needed to log in to Facebook again… Huh, that’s odd, I thought, as my fingers quickly leveraged muscle memory and banged out my username and password again. And just when my pinky was pressing the enter key, that voice in my head went off and I realized I didn’t check the URL on the link. Sure enough, the site I just logged into was NOT Facebook even though it looked just like Facebook. Crisis mode…

I quickly jumped back into my REAL Facebook account and checked who else received my friend’s “message”.  Sure enough, the same message was being posted to every one of her friends obviously through an automated worm which I probably just picked up.  Groovy…  I just fell victim to a classic Phishing attack.

How did this happen and how can you stop this from happening to you?

Here’s the post I got on my wall and as you can see, it looks like an but it redirects you to an outside site that asks you to log in so it can harvest Facebook accounts.  They did a good job with this one (unfortunately).  As you can see from the URL, although it might look exactly like Facebook, it’s not.  Yup, typical Phishing con.


I got a post on my wall that looks like this, what should I do?

First things first: DO NOT follow this link. If you see this message or anything close to it, simply delete the post so no one else will click it either. Next, you should call, text, or email the person you got this from to let them know their account was compromised. It’s important to let them know because they’ll need to get rid of the culprit. You can direct them here to find out how in the next step.

My account is sending out posts to all my friends, what can I do?

Step 1 – Log in to your Facebook account and go to Account > Application Settings

Step 2 – Confirm you have the following two applications:

  1. coma estas
  2. Veoh Videos

Step 3 – Go to the little x on the right side and delete both the applications.



Once you delete those two applications your auto-updates/posts should stop right away. I also highly recommend you change your password immediately since they collected it earlier.

These types of things will most likely get worse in the future so we need to always be aware of what we’re agreeing to or signing up for when allowing applications to access our Facebook account. In this case, the malware appears to only be interested in spreading itself but just imagine if it might have been something REALLY nasty…  Hopefully, it didn’t…

So, be smart on the web, don’t do what I just did by not checking the URL before clicking on it.   We always want to be certain that we’re giving our information to the correct place because the last thing we want is our user ID and passwords floating around in a hacker’s database!  Yeah, not groovy!
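The URL check recommended above can also be done mechanically. The following is an added example, not code from the original post; the trusted-domain set and every sample URL in it are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only domain we are willing to type a Facebook password into.
TRUSTED = {"facebook.com"}

def check_login_url(url, trusted=TRUSTED):
    """Return (ok, reason): is the host of `url` really a trusted domain?"""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    # "https://facebook.com@login.example/" puts the real host AFTER the @.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before @ hides the real host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return False, "no host"
    # Lookalike letters (homographs) show up as non-ASCII or punycode labels.
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII host (possible homograph)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host (possible homograph)"
    # Match on a label boundary: "facebook.com.videos.example" must not pass.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host %r is not a trusted domain" % host

# Constructed sample URLs (not taken from the post).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://www.facebook.com.videos.example/login.php",
    "https://facebook.com@login.example/video",
    "http://www.facebook.com/login.php",
    "https://xn--fcebook-constructed.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print("%-5s %-55s %s" % ("OK" if ok else "BLOCK", sample, reason))
```

The comparison is on the parsed hostname, never on a substring of the whole URL, which is why a page that merely contains "facebook.com" somewhere in its address is rejected.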



  1. KM

    September 26, 2010 at 10:11 am

    Any suggestions on how to find all the posts the worm has made using my account? I can sift through all my FB contacts if I have to, but for some people, it could take all day. There’s no notice on my wall of most of these posts.

    • Jordan Austin

      September 27, 2010 at 8:54 am

      From what I’ve seen with this worm it takes several hours to actually have it kick in and start auto-posting. If it gets to this point all of the updates will be back to back so it should be fairly simple to see them in a row and delete them.
      I think the area that’s a little unclear to me is why a deleted update stays on someone’s profile even after the author has deleted it.

      Maybe someone else has more insight?


  2. shockersh

    September 26, 2010 at 11:04 am

    Don’t forget, this can happen ANYWHERE. I get phishing attack emails all the time saying stuff like:

    Hello – This is Bank of America Security. It appears your account has been compromised so we need you to login and confirm or dispute charges. Please click the link below to login:

    Crap like that! Although the link LOOKS like Bank of America and the website looks like Bank of America, it isn’t!
