The perfect storm: there’s a spike in users being told by Facebook they have malware today

Many years ago, I was locked out of Facebook for 69 hours. It was completely a Facebook database problem, but in those days, they just locked you out without any explanation. It happened on a Friday. I believed I would not get back in till Facebook staff got back to work on Monday—and I was right. This is a company that seems to close down for the weekend, and the important techs don’t get back till afterwards. It also doesn’t understand the concept of time zones, as six years ago, Facebook walls stopped working on the 1st of each month in every time zone ahead of Pacific Standard Time.
   As it’s the weekend before the Gregorian New Year, Facebook’s probably closed again, so if their databases mess up, you could be stuck till Monday. Maybe later.
   Except these days, I believe they run another con altogether, as I explained in 2016.
   The theory: they now shift the blame to their users, by saying their computers are infected with malware, and forcing a malware scanner download on us. No one knows what this scanner actually does, but I know first-hand that it wrecks your real anti-virus program. I know first-hand that when Facebook and its scanner providers (which once included Kaspersky) are questioned on it, they clam up or they delete comments. I also know for a fact that others can log in to their Facebook accounts on the same “infected” PCs. All this is in earlier posts.
   Some affected users over the last few years have said that they could wait this out, and three days seem to be the standard period (though some were out for a month). That sounds awfully close to 69 hours, which I was out for in 2014.
   If word got out that their databases were this fragile, their share price would tumble.
   In a year when Apple has had to apologize for short battery life on their Iphones, and sexual predators in Hollywood got outed, maybe we could finish off 2017 with Facebook having to apologize for lying to its users about just what this scanner does. Because we also know that people who have legitimate malware scanners—including ones supplied by Facebook’s “partners”—have usually reported their PCs were clean.
   Today is the day of the perfect storm: if there is a big database outage at Facebook, it’s the weekend, and no one is around to fix it. For whatever reason, thousands of people have been receiving Facebook’s malware-scan message, telling them their computers are infected: today has seen the biggest spike ever in users getting this, beginning 14 hours ago.
   In my two years following this bug, I haven’t noticed any real common thread between affected users.
   With Facebook’s old bug, where walls stopped working on the 1st of each month, there was a particularly noticeable rise in reports on Getsatisfaction when 2011 ticked over to 2012—probably because no one was at work at Facebook to switch 2011 over to 2012. (I wonder if it had to be done manually. It honestly wouldn’t surprise me.)
   While some of this is admittedly guesswork, because none of the companies involved are saying a thing, there are just too many coincidences.
   Let’s sum up again.

• When certain Facebook accounts died three to four years ago, you were locked out, and this took roughly three days to fix (in my case, I got hit at a weekend, so nothing happened till Monday after a Friday bug). These bugs were account-specific.
• On January 1, 2012, Facebook walls around the world stopped working and would not show any entries from the new day—till it became January 1, 2012 in California, 21 hours behind the first group of people affected. It seems there is some manual tinkering that needs to go on with Facebook.
• Today, Facebook accuses people of having malware on their systems and demands they download a scanner. Yet we also know that others can log in to their Facebook accounts on the same “infected” machines. Conclusion: those computers are probably not infected as the lock-outs are account-specific. If it’s account-specific, then that leads me to believe it’s a database relating to that person.
• When people refuse to download Facebook’s scanner, many of their accounts come back online after—you guessed it—three days. Ergo, they were probably never infected: Facebook lied to them.
• Those that do download the scanner cannot find it in their installed programs’ lists. Neither Facebook nor their scanner partners have ever come clean about what this program actually does or why it needs to reside in a hidden directory on Windows.
• It is December 30, 2017, and it’s a weekend, and there’s a spike in users getting this warning. It began, noticeably, 14 hours ago. It’s very hard to believe so many got infected at the same time by the same bug: even a regular virus, or the real malware that gets spread through Facebook, doesn’t have this pattern. It all points back to something happening on Facebook. My reckoning is that this won’t be fixed till January 1, 2018 or afterwards.
• Facebook is the home of fake accounts—it’s very easy to find bots and spammers. Logically, if resources are used to host the bots, then that means fewer resources for the rest of us, and potential database problems.

   If you are stuck, I recommend you read the postscripts and relevant comments to my earlier posts: here and here.


You may also like




8 thoughts on “The perfect storm: there’s a spike in users being told by Facebook they have malware today

  1. Good Morning Jack, I wish your latest post on Facebook were on all news media.

  2. Thank you, Karen. More people have been accused of this today than at any other time. I really hope it will hit the news, though it seems the tech media all clam up on this issue. It’s going to take regular news media to break it, I believe.

  3. It’s possible that a lot of people bought new PCs or received them as gifts for Christmas. They may not have properly installed and/or activated their antivirus or malware scanners. (Or maybe that’s what Facebook is banking on them believing – in which case, the user will blame the PC manufacturer or the antivirus that came with their PC, rather than pointing fingers at Facebook. Just a theory…)

    Have you noticed other changes/new features, lately? Like round-style profile photos? New backgrounds? (A/B testing, much?)

    The media has been curiously uninterested in this. But then, how long did it take them to show interest in the political ads out of Russia, or the uneven enforcement of “community standards” on serious issues like porn and hate speech?

    Thanks again for the heads up, Jack – I’ve linked back to this and shared it. Here’s hoping it gets more than a nibble, this time.

  4. Thank you, Holly!
       The media should be far more interested—remember the press release I issued about Kaspersky and Facebook’s scanners? I thought it was well timed but I had no bites other than Scoop. The only noticeable change I saw was that Facebook no longer offers Kaspersky, but Trend Micro and Eset are still there.
       I hear you on the other issues—I remember the kiddie porn you reported and they did nothing about. And I was talking about bot epidemics on my blogs in 2014, when they went into overdrive. Facebook was better at killing those accounts back then, they leave most up these days—in spite of the Senate scrutiny of them. Dumb move, in my book.

  5. Maybe the Senate has told them to leave the bots but monitor them. Who knows? Maybe some of the bots are monitoring us, and we keep thwarting them (good God, I’d hope my government was able to come closer to passing a Turing test than that, but I wouldn’t bank on it – or on 90% of Facebook’s users ever spotting them in spite of how BAD they are!)

    Is it just TrendMicro and Eset? Interesting, then, that news about the cryptocurrency miner on FB being published first on their blog. One might say that was either an obvious likelihood, seeing as how they’re security partners – or suspiciously well-timed to make the uptick in spurious scans look at least PLAUSIBLY legit.

    Well, not much longer now. I think I’ll leave my account active; anything Facebook’s got now, they’re not likely to delete just because I do. (I worry they’ll just use it on a fake account when I’m gone.) I’ve been posting less and less, and am not really missing it at all. I don’t feel compelled to post, like I used to. I’ll just fade away gradually over the next month, and my last post will be “Gone Fishin'”

    I’m feeling excited again about my own blog. :)
    And with you around, THAT doesn’t need Facebook, either. (Thank you!)

  6. I remember even back in 2014 there were some incredibly obvious ones that Facebook gave a pass to, and I had to wind up saying in the feedback box, ‘This is part of a bot net which you have removed x members from. Why not this one as well?’
       Based on my search terms recently, it is Trend Micro and Eset now. I noticed the news on their site, too. Despite these “partners” clamming up when asked about the scan, and why it needs to be hidden and not appear in the installed programs’ list, I wonder how much they really know.
       You’ll have seen me blog more of late, too. It’s nice to collect thoughts and write properly. I stopped in December, and actually enjoy not posting. The trouble is, I am approving things posted to my wall, and anything that tags me, so casual users won’t see my big post about leaving.
       I’ll keep referring—come to think of it, I’m going to add you to my blogroll.

  7. I don’t really have a “blog roll” anymore (never found one with WordPress that I liked as well as Blogspot’s RSS dynamic blogroll). I’ve been experimenting with Flipboard. I’ve got you in there, but it’s not quite right (yet) either. :) Still working on it… Mitch Mitchell’s been giving me clues (and I’ve thrown a few back at him, as I learn things the hard way). It’s PRETTIER than a blogroll… I just want one that can bubble the new up to the top, for readers. :/

  8. I have a Flipboard account and for a little while it was on my phone, but I never really got it to reflect my interests. News seems to be one thing app makers don’t do well. I want something global, yet most apps (at least outside the Apple IOS world) are biased toward one territory (even Reuter does US and UK editions, for example).

Leave a Reply

Your email address will not be published. Required fields are marked *