Social Networks

E-War Zone Report: New Development in Project Mayhem 2012

Fawkes Virus allegedly launched on Facebook and soon to hit other social platforms

At first, it was November 5. The day we all expected doom to strike the most popular social network of all. As our hopes for the best were confirmed and the social network survived, some voices called this warning a hoax while others claimed the attack actually failed.

On November 11, as we reported here, a new piece of info was released as to the weapon to be used in the attack: the Fawkes virus. At the time, the organization said this “highly sophisticated worm, with advanced network self-replication and remote abilities” would help the movement fight corruption and serve as “[…] an alternative attack toward groups who take on Anonymous”.

November 12, online socialites’ hearts skipped a beat once again as Bitdefender Safego identified a piece of malware that appeared to fit this description. The race toward the discovery of “the ultimate weapon in the battle against other groups or individuals undermining [Anonymous]’ interests” seemed to be over. And yet…

A recent wave of Facebook scams propagating through X-rated baits pumped a new dose of adrenaline into the system and voices rose to defend the thesis that this INDEED is Anonymous at work. We took a different path to the decryption of this mystery and put the pornographic scam flood on Facebook down to cybercriminals’ preparation for Black Friday. The fact that it resembled other Facebook scam outbreaks and that some of the URLs used to spread this kind of worm contained a domain name related to the idea of shopping ( ) supported our hypothesis. Plus, as stated then, we expected the Fawkes virus to rely on more complex mechanisms.

A recent Facebook statement shed some light on the matter of this red light tsunami (i.e. the blame’s  on a “self-XSS vulnerability”) and it brought back to mind a warning long forgotten (at least apparently): copy-pasted coded strangers don’t do any good to your social network account.

It appears that we’re back to square one in this puzzling quest for the Fawkes virus. In a video released yesterday by Anonymous, the Fawkes virus threat is renewed.

“The Fawkes virus is here,” according to the video. “Its beta testing has completed and it’s now a fully armed and operational piece of weaponry. It has already been released on Facebook and will be released on other social networking sites very soon.” There was no fail, there was no hoax, it said. All of this time was necessary for due preparations. “The 5th of November was just the beginning”, the video warns.

The Fawkes watch continues.

This article is based on the technical information provided courtesy of George Petre, Bitdefender Senior Social Media Security Researcher


All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.