Trending news such as that of Malaysian Airlines Boeing 777, local comedian Vic Sotto’s hoax death and recently, the video scandal involving local news anchor Paolo Bediones are making rounds in the social media landscape specifically in Facebook. Spammers make use of this opportunity to conveniently spread adware in the social network.
Using catchy photos and fake videos related to the trending topics, victims will most likely click on these links without any doubt. The thing is, not all of these links being shared in Facebook are from legitimate sources, some are actually from spammers that download malicious files.
On these three recently discovered Facebook spams, they are all using different links to spread the malware but all end up in having the users download adware under the file names CodecPerformerSetup.exe, AudioPerformerSetup.exe, VideoPerformerSetup.exe or iLividSetup-r1720-n-bc.exe. All these files are currently being detected as ADW_BRANTALL by Trend Micro.
While adware-tagged files are generally low risk malwares, computers infected by these malicious files will be bombarded with pop-up advertisements and, in some instances, lowering of either network connection or system performance.
Some adware can also collect the system’s browsing information (e.g. sites visited) and send the information to a remote server on the Internet which in turn be used for marketing purposes.
Trend Micro blocks the links involved in these Facebook spams and detects files associated to them. Users of the social network are advised to refrain from sharing unverified links and stories in Facebook to avoid having their accounts hacked. This spamming technique usually hacks the victim’s account to post the same spammy status on their timeline and tag a couple of their friends to continuously spread the malware.