Facebook Easter Egg causes a flap

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

My mate Ben told me a story the other day which he thought I would find amusing.

He’s a Facebook addict, and has been regularly cajoled for spending hours checking the social networking site for updates from his buddies instead of the biology job he’s supposed to be busy doing..

The other day he stepped away from his desk for what Americans charmingly call a “comfort break”, and returned to his desk to find bizarre red circles appearing like a lens flare on the Facebook page he was logged into.

In reality, he had fallen victim to an office prank – one of his colleagues had turned on a Facebook Easter Egg while Ben was away from his desk.

Sign up to our free newsletter.
Security news, advice, and tips.
[youtube=http://www.youtube.com/watch?v=fHHnAyCY8h8&hl=en_GB&fs=1&rel=0]

You could do this on Facebook too. You simply login and press:

UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT B A ENTER

The problem was that Ben initially panicked, and thought his computer had been virus-infected. Fortunately the culprit owned up before Ben took things into his own hands to “remove the virus” and possibly make things much worse.

And that’s the problem even with seemingly harmless pranks like this which don’t involve you installing software on someone else’s PC. You don’t know how they’re going to respond, and there’s always the danger that they might over-react and do some real damage.

Ironically, it’s pretty rare these days for malware to have such visual payloads as the Facebook Easter Egg. In olden times, virus authors were more like graffiti artists than bank robbers and some had visual payloads of cascading letters, scrolling moonscapes, skulls dripping in blood, etc..

The media still likes to present malware in this highly visual way, so you’re likely to see viruses represented like this in movies and TV dramas for some time to come.

The truth, however, is that with a few notable exceptions (like the recent iPhone worm) the bad guys are designing their malware to be stealthy and invisible, and impossible to spot with the naked eye.

Easter eggs are a bit of fun for the programmers behind websites and software packages – but it’s probably best if you trigger them for your own amusement rather than play a prank with them on someone else.

PS. If you think the Facebook easter egg is cool, just try the same sequence at jQuery.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.