More news on the autopost memes

[pauraque_bk]

-I haven't been able to confirm this, but word is that people who clicked on the "This is very interesting" link, in addition to incurring an unauthorized post on their journal, may have been infected with a Trojan virus. I don't want to freak people out, since I don't know much about what's going on yet, but if you did click the link, it wouldn't hurt to run your anti-virus software.

-If you have an unauthorized post that you can't delete from the web interface, try deleting it with the Semagic LJ client; some users have had better luck that way.


For those just joining us: There's a security hole in the LJ system that's allowing unauthorized automatic posts. Until it's resolved, don't click on any suspicious links or forms you might see on your friends-list.

Comments

[spug.livejournal.com]

As stated before, the only thing this link does is use your cookie to post an entry. No information is retrieved from your computer, and you are not getting a Trojan.

http://www.livejournal.com/support/see_request.bml?id=294736
The comments at http://www.livejournal.com/community/lj_dev/641972.html also tell you this.

[pauraque]

The rumor that the autopost memes were spreading Trojans appears to have been just that: Only a rumor. It sounded unlikely to me too, which is why I said I hadn't been able to confirm it.

[spug.livejournal.com]

Yeah. According to this (http://www.livejournal.com/community/lj_support/483699.html) post, however, the security hole seems to have been patched :)

[muridae-x.livejournal.com]

It's always worth reminding people that they should be careful though. We live in times when you really do need to take precautions before you hook a Windows PC up to the outside world. In this particular case though, it's probably just coincidence that people clicked on that particular meme and then got themselves infected elsewhere or noticed that they'd had an infection for a while. There are a lot of machines out there that aren't as clean as they should be.

I did a bunch of screen captures of a Harry Potter special the BBC did about 18 months ago, which the Leaky Cauldron asked if they could use. I said yes, but asked them not to put my email address on the credit. Wires got crossed, and they did. In the half day or so before I could get them to remove the email address from the page, I got a bucketload of viruses emailed to an address that hadn't previously been compromised. As soon as it was removed, the flood of viruses dried up entirely. That had to be entirely down to just people with infected machines going to that web page to look at those pictures, oblivious to the fact that their machines had lurking nastys.

On a couple of occasions when I've received mail viruses I've been able to identify the source and let the friend in question know that they need to check their machine out. But most of the time - as in the example above - it's complete strangers, and then there's just nothing you can do.

[deslea.livejournal.com]

I don't think it does. I've looked at the source code and all it does is add the entry, including a 1px x 1px image (probably so the maker can track how many people are falling for it with the referrer logs). The guy also has his personal page on the same server, which a malicious hacker wouldn't do.

But yeah, definitely be careful. There are a few variations on this using text links now, so be careful what you click.

[pauraque]

Yeah, that's my point. The present version may not do any harm (except to your pride), but since we know now that there's an issue, it doesn't hurt to be double-careful.