Facebook Candid Camera Messages Spreading Virus

My Dad called me today to say that he had a problem with his PC. A rogue anti-virus got installed on his PC and has hijacked it. He is running McAfee AV but that failed to stop it, although he did admit that he saw warnings, but really thought at the time that the virus program was a safe one.

I have Googled the fix for him and found that Malwarebytes have an automatic removal solution in place already. You can download Malwarebytes from Bleeping Computer (a website devoted to helping people prevent and remove viruses); here is the direct link: Malwarebytes’ Anti-Malware

Now, before you go jumping to any conclusions, let me make it clear that I may be adding to the confusion, as this evening I had a comment posted to my Facebook Wall that was obviously a bit suspect. It said “Jon, this is without doubt the sexiest video ever! 😛 😛 :P” with what appeared to be an embedded YouTube video of a woman with a large behind dancing. Admittedly I did click on it, rather foolishly. The person that sent it to me really is not the sort of person that generally sends such things, and I was curious.

Anyway, nothing seemed to happen, but I speculated that this may have been connected with the virus my Mum picked up earlier today, so decided to investigate a bit further. The current result is that I am doing a thorough scan with Malwarebytes now, after having run CCleaner and Cleanup (two tools to help remove trash from all areas), my thinking being that maybe the files are not active yet and they will clean them out...

So, next was a Google for “Personal Antivirus” and Candid / Facebook together. Nothing. So they may not be connected.

No idea what the Candid Video virus on Facebook does apart from send itself on to all your Facebook contacts. Maybe it spreads a more serious PC hijacking Trojan virus. The thing about these things is that often they lie low for a few days. One person on Facebook said that it is a serious virus, although they did not elaborate on that. Another complained that Facebook as usual are doing nothing to stop it spreading. Great.

Will update you if I find out more. If you have any information let me know.


Just read this on Infosecurity-us.com and it explains what the virus does, although it is still unclear what its endgame is. There is a Facebook anti-malware scanner that can be installed though, so that is worth investigating.

“Patrik Runald, senior manager for security research at Websense, told Infosecurity that the installed malware would steal a user’s Facebook username and password, log into the user’s account, and then begin to spread the malicious link by posting messages to group and user walls and via messages to friend/group lists.

To prevent possible infections from future scams, Runald told Infosecurity that Websense offers a free Facebook application called Defensio to monitor for malware and other malicious content on a user’s page. It can be installed for free on any user’s profile, both in a personal or corporate setting.”


It seems to me that Facebook is becoming a popular place for virus writers to peddle their wares. As security tightens on the Internet with improved web browsers and anti-virus software, Facebook remains vulnerable. People are quickly drawn into viruses when they think that their friend is trying to show them something. There are so many applications on Facebook, and people are so used to signing up to apps and accepting terms and conditions, that they do not think twice when a friend sends a video and they need to agree to something to watch it. Although in this case I am still not clear if any agreement is required, it seems a more advanced version of the one that spread a couple of years ago.

3 Comments on “Facebook Candid Camera Messages Spreading Virus”

  1. If it is related to the Facebook video virus that was circulating a couple of years ago then this is what happens:

    “When you click the video to begin, a message pops up and says you first need to download a newer Flash player to play the video.. When the user downloads the so called ‘flash update’.. it is the trojan”

    That was from Blogulate.com in August 2008.
