Facebook giraffe virus warning—is a hoax: SSO Alert Priority Moderate
1 November 2013
Over recent days, warnings have been circulating rapidly on Facebook about users who have changed their profile photo to a picture of a giraffe—which contains a virus—after failing to answer a chain ‘riddle’ correctly.
This is a hoax.
About the hoax
The hoax, depending on the version you see and where you hear it from, essentially warns against posting pictures of a giraffe to your Facebook profile. The information currently circulating claims that cyber criminals have ‘poisoned’ images of giraffes with malware and made them available on Google Image Search.
Many media outlets have also mistakenly propagated this hoax.
Chain letters and riddles and games such as this one commonly circulate between friends on the internet via Facebook, email and other social media. Although some can be used to propagate malicious activity, many are harmless, simply occupying large volumes of clicks, likes and people’s time.
On the internet, nothing is ever lost, so old information can be dug up, recycled, repurposed and reused. Often information like this hoax will go viral—rapidly being passed on and shared by one unsuspecting person to the next.
Security vendor Sophos, discusses this hoax in more detail, and points to a number of old (2004) security vulnerabilities in Windows that have long since been patched, which were possible to exploit using images.
Much of what we see in this current hoax warning reflects some of these old concerns, lending it enough plausibility to convince people.
If you receive warnings such as this giraffe hoax, you are advised to check with a reputable source before acting on it. Do not automatically believe information you see on the internet.
You are also advised not to circulate viral messages. While some may be harmless, others may not and it is difficult to know the difference.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.