Search for Lost Malaysian Airliner Can Lead to AdwareDevelopers of malware and potentially unwanted programs (PUPs) often prey on our curiosity using social engineering methods to get our attention. A recent case is a video that has become popular on Facebook. In its description, the video claims to offer footage of the lost Malaysian aircraft.
Many people on Facebook are sharing this link:
The link includes a realistic image to add to its authenticity. However, the picture is five years old and was taken from a much publicized crash landing in New York, “the miracle on the Hudson.”
Going on the link we see a grayed (disabled) window that asks users to share this post on their Facebook walls. Only then will the video be enabled. A fake CNN logo adds authenticity.
We were surprised at this point to see that the lure indeed offered a video, which became enabled after users shared it on their Facebook walls. The sharing, however, ensured that the app got propagated.
Trying to play the video gets the victim an adware PUP.
The skip button is grayed out as a part of the deception, and to make sure the user installs all the add-ons.
A new search engine takes over the users’ default search engine, and shows ads that have no relevance. It seems the ads are hard coded. For example, whether the user searches “google” or “ask.com,” all we see in the first ad is an offer to buy and sell used cars.
t that’s not all. Random ads are also shown and offer a virtually free iPhone 5 if the victim fills in lots of personal details.
Besides this scam, this site also hosts porn-related scams, all of which lead to more grayed adware.
McAfee detection for the source of all this adware and the HTML page is
HTML/Hoax.gen.a.
In its beginning, social engineering was dependent on emails. With the boom in social media, however, things have changed. Malware and PUPs authors wait for any popular news and then jump on it as soon as it is released.
Besides having updated antimalware protection, users should be very judicious when clicking on links pointing outside Facebook, even if those links are shared by a trusted friend.
Original article: By Ankit Anubhav on Mar 27, 2014