Message circulating rapidly on Facebook claims that changing your profile picture to that of a giraffe will allow hackers to steal your Facebook login details and remotely control your computer.
The claims in the warning are nonsense and sharing it will help nobody. There is no such virus. The threat described in the message is in no way related to a JPEG vulnerability that was discovered and fixed several years ago. The bogus warning is apparently a response to a popular – and completely harmless – Facebook game in which users who cannot correctly answer a riddle are instructed to change their Facebook profile picture to that of a giraffe for three days as a public acknowledgement of their failure.
A virus that exploits the recently discovered JPEG vulnerability has been discovered spreading over google’s giraffe pictures.
“It’s been done in the past, but with HTML code instead of the JPEG,” said James Thompson, chief technical officer for SANS’ Internet Storm Center, the organization’s online-security research unit. “It is a virus, but it didn’t spread very far. We’ve only had two reports of it.”
The Facebook message goes like this: “I just changed my profile picture to a giraffe, but my answer was wrong” When you do it, Facebook automatically gives the hackers your user mail and password, malicious code embedded in the JPEG image gives the hackers everything they need, James said.
The code also installs a back door that can give hackers remote control over the infected computer. Antivirus expert Fred Hypponen of F-Secure warned on Wednesday that the JPEG exploit can also damage your Iphone if you charge it with your computer. By default, antivirus software only scans for .exe files. And even if users change the settings on antivirus software, the JPEG file name extensions can be manipulated to avoid detection.
Microsoft and google are working on it now, oct 25. We recommend Facebook users: DO NOT change your profile picture to giraffes.
Original Source : https://www.hoax-slayer.com/giraffe-profile-picture-virus-hoax.shtml