Debunking email hoaxes and exposing Internet scams since 2003!


Giraffe Profile Picture Virus Hoax

Message circulating rapidly on Facebook claims that changing your profile picture to that of a giraffe will allow hackers to steal your Facebook login details and remotely control your computer.



Brief Analysis
The claims in the warning are nonsense and sharing it will help nobody. There is no such virus.  The threat described in the message is in no way related to a JPEG vulnerability that was discovered and fixed several years ago. The bogus warning is apparently a response to a popular - and completely harmless - Facebook game in which users who cannot correctly answer a riddle are instructed to change their Facebook profile picture to that of a giraffe for three days as a public acknowledgement of their failure.


A virus that exploits the recently discovered JPEG vulnerability has been discovered spreading over google's giraffe pictures.

"It's been done in the past, but with HTML code instead of the JPEG," said James Thompson, chief technical officer for SANS' Internet Storm Center, the organization's online-security research unit. "It is a virus, but it didn't spread very far. We've only had two reports of it."

The Facebook message goes like this: "I just changed my profile picture to a giraffe, but my answer was wrong" When you do it, Facebook automatically gives the hackers your user mail and password, malicious code embedded in the JPEG image gives the hackers everything they need, James said.

The code also installs a back door that can give hackers remote control over the infected computer. Antivirus expert Fred Hypponen of F-Secure warned on Wednesday that the JPEG exploit can also damage your Iphone if you charge it with your computer. By default, antivirus software only scans for .exe files. And even if users change the settings on antivirus software, the JPEG file name extensions can be manipulated to avoid detection.

Microsoft and google are working on it now, oct 25. We recommend Facebook users: DO NOT change your profile picture to giraffes.

Detailed Analysis
According to a message that is currently circulating rapidly on Facebook, a dangerous virus is lurking inside images of giraffes that users may find online via Google searches. The message warns users not to change their profile image to that of a giraffe because the "virus" hidden inside the giraffe .jpg images will allow hackers to harvest their Facebook login email addresses and passwords as well as take control of their computers from afar. It warns that iPhones plugged into an infected computer for charging can also be damaged by the threat.

The message rather obscurely suggests that people are changing their profile pictures to images of giraffes, and thereby compromising their Facebook accounts and computers, to comply with a circulating Facebook message that states "I just changed my profile picture to a giraffe, but my answer was wrong".

However, the claims in the supposed virus warning are nonsense. There is no virus like the one described and Facebook users are certainly not being "hacked" just because they choose to use a random giraffe image as a profile picture.

It is true that, several years ago, a vulnerability was found in computers running Microsoft Windows that could enable software viewing JPEG image files to launch malicious code. However, a fix for that vulnerability has long since been available.

Some old, unpatched computers may still have the potential to be compromised. However, modern operating systems and software are not likely to be compromised by this vulnerability and it is highly unlikely that malicious code could be distributed via a normal .jpg file.

Moreover, even if it were still a threat, that vulnerability could not somehow magically infect all of the many thousands of giraffe images that a user might find via a Google search. Nor would it allow criminals to steal login credentials and control the infected computer just because a person used the .jpg file as a profile image.

The creator of the hoax message has attempted to make the nonsensical claims sound more believable by suggesting that computer security experts at SANS Internet Storm Center and at F-Secure have warned about the supposed threat.  However, the SANS and F-Secure warnings are derived from a September 2004 CNet article that discussed an AOL Instant Messenger threat that used the .jpg vulnerability mentioned above. 

The threat spread by tricking chat users into visiting a website that hosted the exploited .jpg images. However, the message makes no mention of giraffes, and there is no current information about a .jpg vulnerability like the one described in the warning message on either F-Secure or the Internet Storm Center.

Thus, it is clear that the prankster who created this hoax has simply lifted portions of the 2004 CNet article and mixed them in with absurd claims about giraffe images.

The hoax is apparently a response to a popular Facebook status game in which users who fail to correctly answer a riddle are instructed to use a picture of a giraffe as their profile picture for three days. An example of the message is included below:

Try the great giraffe challenge! The deal is I give you a riddle. You get it right you get to keep your profile pic. You get it wrong and you change your profile pic to a Giraffe for the next 3 days. MESSAGE ME ONLY SO YOU DONT GIVE OUT THE ANSWER. Here is the riddle: 3:00 am, the doorbell rings and you wake up. Unexpected visitors, It's your parents and they are there for breakfast. You have strawberry jam, honey, wine, bread and cheese. What is the first thing you open? Remember... message me only. If you get it right I'll post your name here. If you get it wrong change your profile picture....

This game is harmless. Playing certainly will not give you a virus or allow hackers to hijack your Facebook account or control your computer.

Certainly, as always, users should be cautious when downloading material from unknown websites.  Users might be tricked into downloading and installing malware in the mistaken belief that they were downloading an image file.

However, sending on this fake virus warning will only spread alarm and perpetuate misinformation. Sharing it will help nobody.
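The caution above about malware that is downloaded in the belief that it is an image file can be checked mechanically by comparing a file's name with its leading bytes. The following is an added example, not part of the original article; the function names, the signature table and the sample files are constructed for illustration.

```python
import os

# Leading bytes ("magic numbers") of common formats. A JPEG always starts
# with the SOI marker FF D8 followed by the FF of the next marker.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"MZ": "windows-executable",
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-archive",
}
IMAGE_EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def sniff(data: bytes) -> str:
    """Return the format implied by the file's first bytes, or 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_download(filename: str, data: bytes) -> str:
    """Compare what a file is called with what its content says it is."""
    stem, ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem)[1]
    # "giraffe.jpg.exe": looks like an image, but the real extension runs code.
    if ext in RISKY_EXTENSIONS and inner_ext in IMAGE_EXTENSIONS:
        return "double-extension"
    if ext not in IMAGE_EXTENSIONS:
        return "not-an-image"
    actual = sniff(data)
    if actual == IMAGE_EXTENSIONS[ext]:
        return "ok"
    return f"mismatch: named {ext} but content is {actual}"


if __name__ == "__main__":
    # Constructed sample files: (name, first bytes of content).
    samples = [
        ("giraffe.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
        ("giraffe.jpg", b"MZ\x90\x00\x03\x00"),
        ("giraffe.jpg.exe", b"MZ\x90\x00\x03\x00"),
    ]
    for name, data in samples:
        print(f"{name}: {check_download(name, data)}")
```

A result of "ok" only means the file is not a disguised program; it says nothing about whether the software that opens the image is patched.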


Last updated: October 28, 2013
First published: October 28, 2013
Written by Brett M. Christensen

Microsoft warns of critical JPEG image vulnerability, reports Sophos
Can a virus be transmitted in a picture?
Image virus spreads via chat
F-Secure Blog
SANS - Internet Storm Center