Changing Facebook profile picture to a Giraffe gives hackers your password?

The following warning messages are circulating on Facebook:

A virus that exploits the recently discovered JPEG vulnerability has been discovered spreading over googles giraffe pictures.

“It’s been done in the past, but with HTML code instead of the JPEG,” said James Thompson, chief technical officer for SANS’ Internet Storm Center, the organization’s online-security research unit. “It is a virus, but it didn’t spread very far. We’ve only had two reports of it.”
The Facebook message goes like this: “I just changed my profile picture to a giraffe, but my answer was wrong” When you do it, Facebook automatically gives the hackers your user mail and password, malicious code embedded in the JPEG image gives the hackers everything they need, James said.
The code also installs a back door that can give hackers remote control over the infected computer. Antivirus expert Fred Hypponen of F-Secure warned on Wednesday that the JPEG exploit can also damage your Iphone if you charge it with your computer. By default, antivirus software only scans for .exe files. And even if users change the settings on antivirus software, the JPEG file name extensions can be manipulated to avoid detection.
Microsoft and google are working on it now, oct 25. We recommend Facebook users: DO NOT change your profile picture to giraffes.

Collected October 2013


**URGENT**GIRAFFE GAME NOTICE**URGENT**
Just found out that the Giraffe challenge was set up by the hacking group “Anonymous”. Apparently they’re going to embark on a random ‘cleansing’ program which will wipe out the bank accounts and hard drives of those people who have giraffe profile pics…A few of my FB friends have already had it happen, so change your pics back!!!!

Collected October 2013

The above warnings claim that changing your Facebook profile picture to a giraffe is a security risk that forces Facebook to “give hackers your user mail and password.” (The latter warning claims that the hacker group Anonymous will “cleanse” your account.)

The warnings are likely a response to the viral (and completely harmless) giraffe riddle “game” circulating on Facebook, in which a user posts a riddle as a status update and friends who fail to answer it correctly are instructed to change their profile picture to a giraffe for a period of 3 days.

The above warning messages about hackers are completely bogus. The riddle “game” is just a harmless game and the above warning messages should not be considered accurate. Read on for more details.

The deal is, I give you a riddle, if you get it right you get to keep your profile picture, you get it wrong and you change your profile picture for the next 3 days. MESSAGE ME ONLY SO YOU DON’T GIVE AWAY THE ANSWER!!!

RIDDLE:
3:00am, the doorbell rings and you wake up, unexpected visitors, it’s your parents and they are there for breakfast. You have strawberry jam, honey, wine, bread and cheese. What is the first thing you open?

Remember, message me only! If you get it right I’ll post your name on my status, if you get it wrong you change that picture!

The riddle in question, minus the correct answer 😉



Firstly, with modern software and operating systems it is extremely unlikely that a virus or malware of any sort could be transmitted within a genuine .JPEG image of the kind you would find on Google Images. It is true that several years ago malicious programmers were able to put computers at risk with JPEG exploits, but these have long been patched by companies like Microsoft. Even back then (between 2002 and 2004), viruses transmitted inside JPEGs were extremely rare.

In fact, this warning seems loosely based on a warning about a legitimate virus infection that spread through AOL’s Instant Messenger service back in 2004. The quotes in the above warning message, purportedly from the SANS Internet Storm Center, were indeed made by them, but in 2004, not 2013. We took a look at the SANS Internet Storm Center’s website for information on the above warning message, and there was no information even remotely related to giraffes in this context!

Not only is successfully infecting JPEGs extremely unlikely, it is practically impossible that any programmer, hacker or cyber-criminal could program a virus that would force Facebook to hand over your password and email simply because you changed your profile picture, even if that .JPEG image was somehow infected with malicious code.

And of course users are free to change their profile picture to any number of giraffe images they find on the Internet, and even the savviest computer criminal could not infect any significant percentage of the World Wide Web’s arsenal of giraffe images, even if it were possible to do so.

It is worth mentioning that when browsing external websites, perhaps in search of an appropriate giraffe-themed image, it is important to be aware that external webpages can of course be dangerous. For example, webpages hosting images can try to trick you into installing dangerous malware onto your computer, or use other known tricks and exploits to deceive you. Being aware of this, not taking any risks and using up-to-date antivirus software will usually ensure that you do not run into problems.

The assertion that this can also damage your iPhone is also completely bogus, and the two men mentioned in the message, James Thompson and Fred Hypponen, do not appear to exist outside the scope of this message (confirmed by F-Secure). In fact, many of the claims made in this warning are so ridiculous that we can only assume the authors of these spurious warnings intended them to be some kind of joke.

And to put these rumours to bed completely, we “Google Imaged” the term “Giraffe” and took a quick look at the first handful of pages that came up – none of the webpages or images that turned up contained any malicious code, on the webpage or inside the image, according to our antivirus software.

And later assertions that hacker group Anonymous are targeting people with Giraffe images are totally baseless.

Bottom line…

So no, changing your profile picture to an image of a giraffe is not going to give hackers your password, nor make you a target for hackers/Anonymous. Provided you do not visit any malicious websites in the process of turning up an appropriate image (which is unlikely), the entire process of changing your Facebook profile picture is completely harmless. This is an entirely baseless rumour.

(P.S. And if you like, we have included the below image of a giraffe for you to use if you wish. Virus free we promise 🙂 )

[Image: giraffe]