Remove s3.amazonaws.com Facebook virus

Beware of the new Facebook spam campaign that involves the s3.amazonaws.com service and aims at manipulating users’ accounts to replicate fraudulent content.

Concerning the subject matter of this post, let’s dot some i’s and cross some t’s right away. Amazonaws stands for a cloud storage and computing service owned and maintained by Amazon, and it’s not malicious in any way. The “AWS” part is an acronym for “Amazon Web Services”. So, this is an entirely legit cloud repository that’s not harmful per se. However, since it is an open ecosystem, some parties – including malicious players – can take advantage of it in the worst way imaginable. This is exactly what’s happening on Facebook at the time of writing. A tricky social network spam campaign is doing the rounds, reaching numerous Facebook users and abusing a few account set-ups to self-replicate. The gist of this fraudulent wave comes down to eye-catching, comics-style postings on people’s walls, which lead to s3.amazonaws.com resource. While these items appear innocuous at first sight, things are bit trickier than that.

The common scenario is when a user sees one of these funny hyperlinked pictures being shared by their friends on Facebook. There can be several themes of these objects, including “What life looks like before and after you’re 30 years old”, “What life looks like before and after marriage”, and “Why men and women are so different”. The text is in French, which might suggest that the target audience is supposed to be restricted to Internet users living in one particular country. Despite that, the spam entities are hitting people around the globe regardless of their residence. The images are fairly well-drawn and seem to be engaging enough to get lots of users on the hook. Driven by curiosity to see what other pics are available, many of those who see the bait comics on their newsfeed end up clicking on them. Before accessing the linked-to website, though, they are first presented with an age confirmation dialog, also in French (see below). It asks the victim to verify that they are 16 or more years old.

As expected, the user’s traffic is then, indeed, forwarded to a page with the entertaining comics in it. On a side note, there are also tons of sponsored ads there, therefore, whoever is in charge of this activity already gains some revenue at that point via ad views. While reading the funny stuff, though, the unsuspecting user will most likely miss something really unwelcome going on behind their back. It’s the fact that the identical link shows up on their own Facebook wall. It should be emphasized that the posting takes place automatically, and it doesn’t require that the victim click on any share options whatsoever. The occurrence is entirely beyond the permission milestone, where a person never actually makes an informed decision. E-marketing done right has nothing to do with this tactic, obviously.

Since the web pages involved in this hoax are s3.amazonaws.com domains, there is hardly any chance of them being blacklisted by browsers or ISPs whatsoever. What enables the unauthorized sharing on the social network is an obfuscated iframe tag in the source code of the landing page. It means that the user unknowingly opts for sharing the content by clicking on something absolutely unrelated, with the appropriate command being probably hidden underneath the above-mentioned age confirmation popup. As a result, the s3.amazonaws.com Facebook spam is permanently gaining momentum through a self-contained proliferation mechanism.

Whereas the tech reps of this social media claim this isn’t a security flaw as no account details are being tampered with, the fact that something is shared without users’ awareness and consent isn’t right. Moreover, the threat actors behind this campaign may simply add some malicious downloads to their surreptitious iframe implementation, not just the share feature alone. It’s within the realms of possibility that this particular clickjacking scenario is already the case, infecting Facebook users’ computers with dangerous malware. One way or another, if confronted with the s3.amazonaws.com Facebook virus, take security precautions to avoid adverse consequences.

Automated removal of the s3.amazonaws.com Facebook virus

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button

Download s3.amazonaws.com virus remover

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.

Use Control Panel to get rid of the s3.amazonaws.com Facebook virus

• Open up the Control Panel from your Start menu in Windows and select Uninstall a program

• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find a suspicious or clearly malicious entry under the Name column, click Uninstall and follow further directions to get the removal done.

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages, etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by this virus.

Reset Google Chrome

• Open Chrome, expand the Customize and control Google Chrome menu and choose Settings

• Scroll down the settings screen and click Advanced down at the bottom

• Move on to the Reset and clean up sub-section and select the option that says Restore settings to their original defaults

• Finally, confirm the restoration by clicking Reset settings on the warning message

• Restart Chrome.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can click on the Open menu icon in the top right-hand part of the browser window, then select the Help option and proceed to Troubleshooting Information

• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it

• Follow subsequent directions to reset Firefox to its original settings

• Restart the browser.

Reset Internet Explorer

• Select Internet options under IE’s Tools (Alt+X)

• Proceed by clicking on Advanced tab, then select Reset

• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled

• Reboot the machine to fully implement the fix.

Reset Safari

• Go to the Safari menu and select Preferences

• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below

• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.

• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab

• Select the websites for which you would like to erase data and click the Remove button

• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

Revise your security status

Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.

Download s3.amazonaws.com Facebook removal tool