Monday, October 8, 2012

Facebook virus alert: eventforyous "www .vidolaughs. com"

To remove this Virus go HERE. (opens in a new window)

I think most of my readers (maybe even all THREE of you) are anti-Facebook but for those that have children on FB, here's a little warning. As I have three of my six daughters on FB, we've come across the latest virus. Being the old White Hat that I am, I'll post a little info on it here knowing that Google likes to index the crap out of this blog and it should reach a majority of people Googling for a fix to the problem.

(Sidenote: Google indexed this blog post in 18 minutes. 0_o)

If you've seen a goofy Facebook post that has horrific spelling like this:

"hahahahaha <name of recipient>  i cant believe whaaat u did in thiss videeoooo it's sooo stupid it's all over face bok!!! gooo hereee removee theee spaaaces -----> www .vidolaughs. com "

then you have witnessed the handiwork of a hacker. With a simple suggestive hook (ie., look what you did AND it's on video) an unsuspecting user willingly clicks on the link provided. In this case, it is VidoLaughs.com.

Several warning bells should sound in your head when you see this stuff. Misspellings THAT bad are dead giveaways for hackers posting in a non-native language. Simple misspells like VidoLaughs instead of VideoLaughs are suspicious but the ridiculous "whaaat" and "videeoooo" are most certainly done on purpose to gloat the unfolding malicious act. Taunting, if you will.

Always watch the URL when accessing an unknown site. If you are clicking a link like the aforementioned VidoLaugh.com but when your page loads and the URL clearly says "eventforyous.com/login.php" then you should not proceed any further.



Picture courtesy of YooSecurity (note the URL)

This is the classic FAKE login page that will steal your information once you attempt to log in.  The only good news, so far, is that the hackers, in this case, are NOT changing the passwords on the FB accounts once they have access. They are only logging in, spamming the bogus links, and moving on.

If you are affected by this hack, at this point, you can simply log in to FB and change your password.  You would also be wise to run a virus scan on your computer. I recommend Malwarebytes software for a safe and easy solution. I've used them for a few years now and with constant FREE upgrades, I haven't been stumped by a bug yet.

A little geek research for fun:

VidoLaughs.com appear to be located in Portugal, although this is most likely a mirror.

A WhoIs search on VidoLaughs shows a Registrant Protected status but shows the name of the server as ns1.clearfbevent.com. Clear FB Event, as in Clear out Facebook Event? Hmmm. The name VidoLaughs.com was just registered on Oct 2, 2012.

Of course, a quick visit to clearfbevent.com shows nothing. However, a Google search of "clearfbevent" shows 704 entries where the phrase clearfbevent was used in what appears to be a link scam for traffic. "Click here for a free Apple iPad 3" type advertisement.

This attack is mostly (90.6% of visitors) occurring in the United States, says Alexa (click on the "audience" link).

10 CLS
 
20 PRINT "Hello, world!"
 
30 PRINT "OrangeJeepDad blog is awesome"
 
40 REM "Visit us daily"
 
50 CLS
 
60 PRINT "All your base is belong to us"
 
70 END
 
80 LOL

29 comments:

  1. thanks so much, I've received a message typically like what u have wrote.. it was sad instead of stupid hhhh, I just suspected in this message and did a search about vidolaughs.com at google, and I found ur page ( this one ) at the page no.1 as a very advanced sequence . so Congratulation :)

    ReplyDelete
  2. @crookedalley Thanks for commenting!

    @mo7eb Thanks. Not sure why but Google indexing this blog lightening fast. Glad you found it and thanks for stopping by.

    ReplyDelete
  3. if you use WOT u see this site as the only green one. and google did it so that people would know if they searched for it.

    ReplyDelete
  4. Hahahahaha I hate myself sooooooooooo much

    ReplyDelete
  5. This comment has been removed by a blog administrator.

    ReplyDelete
  6. Thank you so much one of my closest friends posted the same thing on my timeline and i started freaking out but now i understand! Thank you so much! this was really helpful.

    ReplyDelete
  7. As I website possessor I believe the written content here is really excellent , thanks for your efforts.


    hotmail password recovery

    ReplyDelete
  8. A real informative blog like this is an exceptionally cool helping resource for a needy information seeker like me! Thanks a lot...

    ReplyDelete
  9. It is bad news for all those users who used facebook too. free antivirus download

    ReplyDelete
  10. All County Air Provides Installation, repair and service of all types and brands of commercial and residential air conditioners in Florida.
    AC Repair Florida

    ReplyDelete
  11. Thank you so much! this was really helpful.
    AC Service Kenosha

    ReplyDelete
  12. I believe the written content here is really excellent , thanks for your efforts.
    AC Repair Pearland

    ReplyDelete
  13. Google did it so that people would know if they searched for it.
    Ac Repair Friendswood

    ReplyDelete
  14. I feel strongly about it and love learning more on this topic.
    Refrigeration Service Portland

    ReplyDelete
  15. Generally I don't learn post on blogs, but I would like to say that this write-up very compelled me to take a look at and do it! Your writing style has been surprised me. Thank you, very great article.Also visit my page

    ac repair pearland - Horizon Air Conditioning Company has been in business for years, proudly serving both residential and commercial customers in the Houston area, particularly Missouri City, Sugar Land, Stafford, Pearland, and Rosharon.

    ReplyDelete
  16. Thanks for sharing such an interesting information.

    ReplyDelete
  17. i have no clue what this is i got a link from my friend saying to go here!

    ReplyDelete
  18. Thanks for sharing such a nice and awesome information here.I have learned some thing new and different from here .
    houston used cars

    ReplyDelete
  19. The blog is unique that’s providing the nice material. Please post more interesting articles here. infographic design

    ReplyDelete
  20. Great webpage buddy, I am going to notify this to all my friends and contacts as well. social media infographics

    ReplyDelete
  21. I've been using AVG protection for a number of years, and I'd recommend this Anti-virus to everybody.

    ReplyDelete
  22. I really enjoy simply reading all of your weblogs. Simply wanted to inform you that you have people like me who appreciate your work. Definitely a great post. Hats off to you!

    ReplyDelete

Don't you spam me...I'll just delete it!