Today I noticed a facebook-friend added a lot of links to a bit.ly URL, while tagging alot of her friends (including me) in the post. I did some investigation on the links and found them to follow a PHP file on a webserver running on an IP address 87.98.175.xx. The html on the site, was a redirect to another domain, which tries to trick the user into installing a chrome extension named "Unlimited Watching" which actively spreads itself via your facebook contacts.Removal Instructions To remove the extension, browse to your local extensions folder:
C:\users\$username\AppData\Local\Google\Chrome\User Data\Default\Extensions
and remove the folder which should be named either "mlnbmbaijkebfahbjllddofbdahmknae" or "Unlimited Watching". After doing so, start up Chrome again.
0 comments