Wednesday, October 30, 2013

Giraffes infest Facebook, but are no threat to your PC

Giraffes are running wild. Not the Africa veldt, though, but on Facebook, as an actual riddle (or contest) has run afoul of being linked to a prior JPEG vulnerability, with some believing that viewing an image of a giraffe may infect your computer with malware. Instead, the riddle is just plain fun, with Snopes debunking the issue on Monday.

Apparently the faux virus warning revolves around "The (actual) Great Giraffe Challenge." The challenge was to answer a posted riddle, messaging the poster -- New Zealand YouTuber Andrew Strungell -- with a guess. Those who failed to answer correctly were supposed to change their Facebook profile pictures to images of giraffes for the following three days.

However, this "challenge" morphed into a viral hoax, whereby it was said that the "challenge" was simply a way to lure users into compromising their Facebook accounts and PCs by posting virus-laden JPEG images of giraffes. Some of the hoaxes went so far as to accuse Anonymous of being behind the "joke," which probably isn't going to sit well with the global and loosely-knit hacker group.

Instead, the (original) riddle was as follows:
3:00 am, the doorbell rings and you wake up. Unexpected visitors, It’s your parents and they are there for breakfast. You have strawberry jam, honey, wine, bread and cheese. What is the first thing you open?
There are two acceptable answers (below).

As Snopes explained, the hoax stems from a prior vulnerability from way back in 2004:
Back in 2004, a vulnerability was discovered that could enable programs used for viewing JPEG image files on Microsoft Windows-based computers to launch malicious code. Numerous warnings about the vulnerability were put out, and Microsoft issued a patch for the exploit in mid-September 2004.

Only a rather old, unpatched Windows-based system would be vulnerable to that exploit today, and it would not be attached to any particular type or class of JPEG-based images (such as pictures of giraffes). Someone simply borrowed portions of a rather old computer security article to lend credence to a new hoax involving a "giraffe challenge."
So there is no real malware associated with this joke, but instead much todo about nothing.

For those interested, the two acceptable answers are "your eyes" and "the door," both of which make sense when you think about it.

No comments: