McAfee Labs

Search for Lost Malaysian Airliner Can Lead to Adware

1
By on Mar 27, 2014

Developers of malware and potentially unwanted programs (PUPs) often prey on our curiosity using social engineering methods to get our attention. A recent case is a video that has become popular on Facebook. In its description, the video claims to offer footage of the lost Malaysian aircraft.

Many people on Facebook are sharing this link:

2xwo

The link includes a realistic image to add to its authenticity. However, the picture is five years old and was taken from a much publicized crash landing in New York, “the miracle on the Hudson.”

Going on the link we see a grayed (disabled) window that asks users to share this post on their Facebook walls. Only then will the video be enabled. A fake CNN logo adds authenticity.

3ree

 

We were surprised at this point to see that the lure indeed offered a video, which became enabled after users shared it on their Facebook walls. The sharing, however, ensured that the app got propagated.

4our

Trying to play the video gets the victim an adware PUP.

5ive

The skip button is grayed out as a part of the deception, and to make sure the user installs all the add-ons.

6ix

A new search engine takes over the users’ default search engine, and shows ads that have no relevance. It seems the ads are hard coded. For example, whether the user searches “google”  or “ask.com,” all we see in the first ad is an offer to buy and sell used cars.

7even

 

8ight

But that’s not all. Random ads are also shown and offer a virtually free iPhone 5 if the victim fills in lots of personal details.

9ine

 

Besides this scam, this site also hosts porn-related scams, all of which lead to more grayed adware.

McAfee detection for the source of all this adware and the HTML page is HTML/Hoax.gen.a.

In its beginning, social engineering was dependent on emails. With the boom in social media, however, things have changed. Malware and PUPs authors wait for any popular news and then jump on it as soon as it is released.

Besides having updated antimalware protection, users should be very judicious when clicking on links pointing outside Facebook, even if those links are shared by a trusted friend.

One Comment on “Search for Lost Malaysian Airliner Can Lead to Adware

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>