Can a computer virus be disseminated through Facebook posts or on Facebook Messenger?

You’re never going to get a virus from reading text that is sent to you on Facebook. The danger comes if someone shares a link and you click it; that link could go anywhere, including to a website that will attempt to download a virus onto your computer. It is good to hover over a link before clicking it and note whether the URL it says it’s going to (in Chrome and probably other browsers, this comes up on the bottom left when hovering over a link) is a trusted website.

It’s possible, but you’d need more than just a virus to upload and messenger. And I’m fairly sure facebook is scanning everything that comes through their servers for suspicious files. So you’d first have to fool facebook’s antivirus work.

In addition to that, it would have to be some triple-throw-down, multi-level work that was set up in advance with multiple unpatched vulnerabilities.

One way to do it would be to compromise facebook or a trusted source (like whoever is serving advertisements) and then have them serve up your attack, which would need to appear as something a browser would try to interpret, like an image or movie. So you’d also need to have a compromise in your bag of tricks in the popular browsers, or at least one in widespread use.

And then you have to get past the OS and potentially anti-virus. With the understanding that you can be shut down at any level as soon as someone noticed something is up.

So it’s possible, but you’re actually safer on facebook than most of the internet. I wouldn’t worry too much there.

This harkens back to the oldest days of online ventures, when mass-distribution of “virus alert” notifications was a thing that we dealt with on a weekly – sometimes even daily – occurrence. In a lot of cases it was proven that “the distribution of the notification” was, itself, “the virus”.

That doesn’t mean that people were passing on notifications that contained malicious code or damaging contents, only that “the propagation of the warning notification” was the time suck and bandwidth bottleneck (because everyone was always instructed to “pass this on to everyone you know!”) which created the waste of time and resources that someone wanted to create.

In nearly all cases, as @Mariah notes above, the main problems theses days are:
– links to malicious sites (especially when the site shown in the hyperlink “appears to be” benign, but instead reroutes to a hidden location), or

- attached files that contain malicious code, and which the user may elect to start (“because I know who it’s from”) without scanning first. (People forget that if other users have had their security compromised then the file from ‘Joe Blow’ may not actually BE from ‘Joe Blow’.)

- apparent links from known entities such as credit card companies, banks and other financial institutions that are spoofed – that is, not really those organizations – and who use the fake sites to collect user name and password information for fraudulent use. That’s what “phishing” is.

It’s just annoying.