Fact Check

Facebook Giraffe Challenge

Will participating in the Facebook 'giraffe challenge' infect your computer and give hackers access to your account?

Published Oct 28, 2013

Claim:   Participating in the Facebook "giraffe challenge" will infect your computer and give hackers access to your account.


Example:   [Collected via Facebook, October 2013]

There's a riddle going around that goes like this:

I have had to change my profile picture to a giraffe. I tried to answer a riddle and got it wrong. Try the great giraffe challenge! The deal is I give you a riddle. You get it right you get to keep your profile pic. You get it wrong and you change your profile pic to a Giraffe for the next 3 days. MESSAGE ME ONLY SO YOU DON'T GIVE OUT THE ANSWER. Here is the riddle:

3:00 am, the doorbell rings and you wake up. Unexpected visitors, it's your parents and they are there for breakfast. You have strawberry jam, honey, wine, bread and cheese. What is the first thing you open? Remember... message me only. If you get it right I'll post your name here. If you get it wrong change your profile picture.... this is for you to copy and paste

Now, there's another message that goes like this:


Whoah! Just found out that the Giraffe challenge was set up by the hacking group Anonymous. Apparently they're going to embark on a random "cleansing" program which will wipe out the bank accounts and hard drives of those people who have giraffe profile pics ... A few of my mates already had it happen, so gets to changing your pics back!!! lol

Microsoft and google are working on it now, oct 25. We recommend Facebook users: DO NOT change your profile picture to giraffes.

A virus that exploits the recently discovered JPEG vulnerability has been discovered spreading over google's giraffe pictures.

"It's been done in the past, but with HTML code instead of the JPEG," said James Thompson, chief technical officer for SANS' Internet Storm Center, the organization's online-security research unit. "It is a virus, but it didn't spread very far. We've only had two reports of it."

The Facebook message goes like this: "I just changed my profile picture to a giraffe, but my answer was wrong" When you do it, Facebook automatically gives the hackers your user mail and password, malicious code embedded in the JPEG image gives the hackers everything they need, James said.

The code also installs a back door that can give hackers remote control over the infected computer. Antivirus expert Fred Hypponen of F-Secure warned on Wednesday that the JPEG exploit can also damage your Iphone if you charge it with your computer. By default, antivirus software only scans for .exe files. And even if users change the settings on antivirus software, the JPEG file name extensions can be manipulated to avoid detection.


Origins:   A message circulated via Facebook in October 2013 entreated users to take part in "The Great Giraffe Challenge." Participants in this challenge were supposed to take a shot at answering a posted riddle (like the one reproduced above) and message the poster with their guess at the correct response; participants who tried but came up incorrect answers were obliged by the rules of the challenge to change their Facebook profile pictures to photographs of giraffes for the next three days.

This "challenge" was circulated in tandem with a warning that the game was simply a furtive way of luring users into compromising their Facebook accounts and computers by posting JPEG-based images of giraffes, images that harbored malicious code which could exploit a JPEG vulnerability to give hackers "your user mail and password" and allow them "remote control over your computer," as well as "damage your iPhone if you charge it with your computer."

The giraffe game may be a genuine bit of fun, but the associated virus warning is nothing but bunk. There is no virus lurking in JPEG-based images of giraffes, and Facebook users who change their profile pictures to photographs or drawings of giraffes

do not risk compromising their computers and Facebook accounts to hackers or damaging their iPhones. The quoted warning from the "chief technical officer for SANS' Internet Storm Center" is an outdated, nine-year-old one which addressed an issue that has long since been resolved and had nothing to do with Facebook.

Back in 2004, a vulnerability was discovered that could enable programs used for viewing JPEG image files on Microsoft Windows-based computers to launch malicious code. Numerous warnings about the vulnerability were put out, and Microsoft issued a patch for the exploit in mid-September 2004. Only a rather old, unpatched Windows-based system would be vulnerable to that exploit today, and it would not be attached to any particular type or class of JPEG-based images (such as pictures of giraffes). Someone simply borrowed portions of a rather old computer security article to lend credence to a new hoax involving a "giraffe challenge."

In short, the giraffe challenge may be silly, but it's relatively harmless, and taking part in it will not infect your computer or provide hackers with access to your accounts.

And for those who still haven't found it, the answer to the quoted riddle ("It's 3:00 am, the doorbell rings and you wake up. Unexpected visitors! It's your parents, and they are there for breakfast. You have strawberry jam, honey, wine, bread and cheese. What is the first thing you open?") is either "your eyes" or "the door."

Last updated:   28 October 2013

David Mikkelson founded the site now known as snopes.com back in 1994.

Read More

a Member

Your membership is the foundation of our sustainability and resilience.


Ad-Free Browsing on Snopes.com
Members-Only Newsletter
Cancel Anytime