Video Screencast Help
New Company Name and Logo Announced. Learn More.


Created: 16 Feb 2013 • Updated: 23 Feb 2013 | 6 comments
This issue has been solved. See solution.


Means this Error "[SID 25821] web attack facebook fake survey 3 detected"

Comments 6 CommentsJump to latest comment

Kirankumar's picture

I will check attach URL and update you.

Brɨan's picture

It means your IPS has blocked an attack attempt. It should be doing its job. If you open your security log, more info will be there

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


Web Attack: Facebook Fake Survey 3 exploits Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability

I would recommend you to -

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus defintions.

2) Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines.

3) Make sure ALL the client machines are using the Latest Vendor Patches installed.

If the IPS signture indicates that the malicious traffic was safely blocked and your computers are fully patched, then you should be OK.  Definitely do keep your defences up and stay aware.  Social networking is great, but as with most things there are scams and dangers.  Her is some good reading from Symantec and Facebook security teams:

Social Scams

Phishers' Fake Security App for Facebook

Here's a direct link to that whitepaper:

Hope that helps!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SameerU's picture


Please confirm that systems are patched with required microsoft patches and latest definitions update.


Ajit Jha's picture

Hi Kiran,

Go through the Link below and you will understand what it is and why it is important to be blocked.


Ajit Jha

Technical Consultant