Facebook and rootkits???

The machines we love to hate

Moderator: Wiz Feinberg


Post by Richard Sinkler

Today I had a friend try out a Facebook/ReverbNation page to test it out (our band is trying to set one up). I wanted to see how someone who is not a Facebook member accesses and sees the page. He first accessed FB by typing in www.facebook.com but only had an option to join, so he did nothing. Then I had him click on the URL to our page. He viewed the page, but did nothing else.

After that, he ran a scan on his computer with PC Tools Spyware Doctor, which he uses twice a day. From his email to me:
"On my next scheduled PC Doctor scan after visiting Facebook, I had 11 files infected with Rootkit CL."
He also uses MalwareBytes and Norton Anti-virus, and they didn't detect these rootkits.

My question is: Since he only opened pages and had no other interaction, like viewing videos, listening to music, or downloading files, is it possible to get rootkits (and I guess viruses etc...) by just viewing a page on the internet?

I have been using FB for a year or so now, and don't think I ever had any problems with rootkits, viruses etc... I use Trend Micro Internet Security Plus and occasionally MalwareBytes.

Post by Wiz Feinberg

It's hard to say without consulting with him, but this sounds like a serious false positive from Spyware Doctor. Tell him to update the definitions, reboot and scan again. Update MBAM and Norton and scan with them also.

A rootkit typically exists inside one file, not 11. While it is technically possible to get infected by just going to any web page, if it has been poisoned with an iframe redirect to malware servers, it is unlikely that the URL www.facebook.com contains exploits.

But, where did he surf before going to Facebook.com? What browser was he using? If Safari, or Internet Explorer, silent exploits are common. If Firefox or Google Chrome, infections must be manually approved by trickery.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts