Language: EN


Remove MiCalendario and other "viruses" from Facebook (1 of 2)

In this post we are going to analyze some of the most common malicious software on Facebook, and learn how to remove them. These applications can reach us through the wall of our friends, through messages from acquaintances or strangers, or see them recommended on a website or blog.

When you click on one of these links, these applications are sent to all our users. Sometimes they ask for authorization before doing so, although sometimes this forwarding is done without the user’s awareness. In this way, these applications obtain rapid diffusion, similar to that of a computer virus.

But before learning to remove these applications from our computer, let’s see some typical examples that are usually seen on Facebook.

Examples of malware on Facebook

If you use Facebook, you have probably received (a lot of) an invitation to the application “My Calendar”, “My birthday”, or some other similar applications. The first thing that should make us suspicious about these applications is that Facebook provides calendar functions and birthdays natively. So. Why do you need an application for this? However, there are many (but many, eh!) people who have authorized this application, so it potentially has all their private data. Curious.


Another typical example of dishonest applications are those that claim they can provide you with special features. For example, show who has recently viewed your profile, change the color of Facebook, help you delete your entire biography, or get someone’s password. Don’t think twice, these functions don’t exist. They are scams, and there is nothing good that can come from them.


Another common scenario is that someone sends us a message or posts on our wall a video of the type “Watch this and tell me what you think”, “Have you seen that you appear in a video?“. It is implied that someone has posted compromising images or videos of us, or that someone is criticizing or slandering us. Logically, innocently (or not so innocently… but what kind of videos do you guys record?!) we will go see what they are saying about us.


It is also common to infect yourself with malicious software when trying to watch an “amazing video”. These videos often use an image with certain sexual content, not explicitly to avoid being reported, but it is implied that the content of the video could be erotic. Naturally, this attracts a large number of visitors by taking advantage of people’s inherent curiosity.


However, the content of these “amazing videos” can also be simply humorous or curious content, which aims to catch the user’s attention. Any system is valid when it comes to trying to deceive the user and get the coveted “click”.


Finally, I present to you a more subtle case, less obvious than the previous ones, and in which I have seen a large number of people fall. This time it presents a real news or video hosted on a genuine news page, such as Yahoo or YouTube. However, when clicking on the link, we are asked for permission before continuing. By accepting, we are taken to the real news, so it is easy for us to overlook that we have authorized an external application to access our account.


What do these programs do?

What is the function of these programs? What do they seek, apart from spreading and trying to reach the largest number of users through deception? For example, the other day I saw a poster circulating like the following, warning of the dangers of these programs.


Well, the first thing is to remain calm. These applications can hardly be considered a virus and, in any case, certainly not a dangerous one. Hardly can a program be classified as a “very aggressive virus” when it needs the user’s authorization to act or spread (sometimes, several authorizations).

Fortunately for you, your private data is important, almost exclusively, to yourself. None of the developers of this malware care the least bit about what you post on your wall, what you like or dislike, what you comment on your friends’ walls, or any of your private data. Not even your beach photos, no matter how cute you may have posed with your friends. Accept it, that’s how it is. Your private data is not even useful for obtaining statistics, there are easier and cheaper ways to obtain them.

So what function do these programs seek? Well, as always, to make money. And how can these programs turn thousands of “infected” computers into money? Through two ways.

An obvious way is, in the links that refer you to a page or Facebook group, to provide visits to a page. This page can be owned by the application developer, or sell their services on the Internet, promising to increase the number of visits to your page for a certain amount of money. The page will increase the number of followers and visits and, ultimately, will obtain higher advertising revenue.

On the other hand, although it may sound strange, on certain pages, “likes” on Facebook are sold. It may seem strange, but it is a common practice in certain companies that decide to buy “likes” to give the impression that their brand is more important. In this way, by clicking on one of these programs, you may “like” or even follow people without even realizing it.

In any case, the truth is that these programs are doing things that they should not be doing. Therefore, it is malware, which spreads through the clicks of trusting users (what is called click-jacking) and needs to be removed from our system.

In the next post (available here) we will see how to remove these Facebook applications.