Alert!

For the last several days, a computer virus is spreading via Friendster messages. If you received any message from anyone with subjects such as Hi!, Hola!, among others with content something like the following below, please do not click on the link.

Hi,
it’s been a while since we talked,
I hope you are doing good.
I just wanted to tell you about my new profile, I dont use Friendster anymore…
[Vulnerable URL with a .info domain name]…

Clicking on the vulnerable URL will result in the virus installing itself on your computer system. If you are logged on to Friendster, the virus will send similar messages to all your friends connected with you on Friendster.

I just realized that, there is a method to block the Flash-based applications in Friendster profiles. This works only for users of Mozilla Firefox web browser with the Adblock Plus extension installed.

When viewing any web pages with an embedded Flash object, in this case a Friendster profile with Flash-based applications, a “Block” tab will appear either above or below the Flash object. Click on the tab and add the URL of the Flash object in the Adblock Plus block list. You may modify the URL to specify only the domain name of the URL to block all contents from the domain name. This is more effective as some of the same application is hosted over multiple subdomains.

Social network sites are popular among Internet users today. Using social network profiles, users establish a network with their contacts, such as friends, alumni, company, political parties, family or even just to make friends. Friendster is perhaps the most popular social network site in Malaysia and South East Asia. Catching up on popularity is Facebook.

While I just joined Facebook recently, I have been a Friendster user since 4 years ago. One of the new features of Friendster, which is also available in Facebook is the ability to add applications in profiles. Applications range from games, horoscope, music, video, etc.

The applications serve to spice up a member’s profile by providing members a with choices to integrate interesting content in his profile. However, with more and more applications being developed, more and more users add lots of applications in their profile. And, this resulted in slow loading of profiles and at time caused web browser to get into a not responding status.

Well, many of these applications load images and animation, some to the extent of having sound and video, causing a pollution of multimedia contents in a profile.

To make matter worse, the ability to post animated greetings as Friendster comments would not do any good. A relief is that Friendster does provide the safe mode settings to disable the customization of profile layout but it does not work with the applications.

Friendster and Facebook as well as other social network sites should look into this and take necessary steps to prevent pollution of multimedia contents, in particular the applications.

This is not the first time I am writing about this. Perhaps not even the 2nd time, I can’t remember. But recently, chain messages and bulletins spread in Friendster again. As usual, most of these chain messages require you to forward to your friends within x minutes, otherwise, some bad luck is said to happen, and these include claims that “you will get murdered” and in some distasteful ones, it even claims that “your mom will die in x hours”.

Come on, I have ignored and deleted all these useless messages but nothing happened, alright? Why not we all play our role and ignore all these messages? By ignoring them, nothing will happen to you or your family, ok? And best of all, we get to save Internet resources for more useful transmission of data. And also save the computing resources of Friendster web servers and database servers which have been overloaded and work slowly at times.

To those who always forward them and so gullible to believe the contents of these chain messages, don’t you think it is distasteful to claim that the recipient or the recipient’s mom will die if one does not forward the message? Think again.

Remember the so-called fictious Allen Smith of Friendster? Yes, the chain messages that were circulated via Friendster messages and bulletin telling you to forward to at least 10 people or have your Friendster account removed. It seemed to have stopped some time ago when disgruntled users in a tit-for-tat posted messages telling people not to forward those messages and even Friendster admin published an FAQ on the issue.

However, the Allen Smith messages resurfaced recently with more and more gullible people falling to this trap. However, this is not as serious as being gullible to email scams. With email scams, your gullibility may cost you your bank account or any e-commerce access. It is well known that such email scams sends spam in bulk and disguise as a mail from your bank requesting you to login to update your e-banking password and ATM PIN.

In the above case, unsuspecting users would click on the URL provided in the email and redirected to a fake website of the bank. The fake website looks almost exactly similar to the actual bank website, and the URL shown in the email looks like its from the actual bank, but actually redirects you to a web host in Russia or other countries. The gullible user will then fill in the username and password and perhaps ATM PIN number if requested. Instead of accessing his bank account, the host captures the login and ATM information and have it stored in database which will then be used for malicious purposes. Usually, after entering the information, the user will be redirected to the actual website.

How can one differentiate a fake website from a real one? Now, all e-commerce transactions must be secure transactions. One way to differentiate is to look at the protocol used. All secure website used the secure HTTP protocol, which results in the https instead of http. Besides, one should also be aware of the actual domain name of the bank, and be sure the URL accessed is correct. For instance, if your banking website is www.xyzbank.com, make sure the URL is https://www.xyzbank.com/… (notice the slash at the end of the domain name, which might be followed by the full path) and NOT http://www.xyzbank.com.server.ru/.

Some browsers like Mozilla Firefox displays the location bar in yellow when accessing secure websites. This helps to alert you that if the color of the location bar is white when accessing a supposedly secure website, you may be in trouble.

Hence, it is important that all Internet users should learn not to be gullible. Start by NOT believing on chain messages via email, instant messenger, social networking sites, etc. If such a simple guideline could not be followed, some day you might end up cheated by such scams that affect your bank account.