New Facebook Adware Spreading Fast
Attackers are once again utilizing Facebook Messenger to spread adware

This week, attackers are utilizing Facebook Messenger, malicious JavaScript, and in some cases, social engineering to spread adware - making a small chunk of change as a result. Anyone who reads my articles knows that I believe security through education is the best protection. Therefore, let’s start by defining some terms, then explain the mechanism by which the adware spreads, and conclude with some advice on how to avoid becoming a victim.
Adware (advertising-supported software) is any type of software application that renders advertisements (usually unwanted) in order to generate profit. The algorithms controlling the generated ads usually contain code that analyzes user behavior in order to direct navigation to targeted sites.
Adware can be both a good and bad product. For example, Amazon utilizes adware on the Kindle device home page and in sleep mode in order to generate revenue so it can offer the product at lower cost. However, when you look at the wizard behind the curtain, Amazon is busy building profiles of search and reading habits. In the end, they ultimately use it to turn knowledge and insight into action, one of the main tenets of behavioral analytics. We utilize very similar algorithms to track sex offenders and traffickers, often employing a tiny, invisible pixel that aggregates information into massive databases.
On the bad side of the spectrum, adware is a form of malware (malicious software), presenting unwanted ads to the user. Adware that tracks the activity of its users is referred to as spyware. Spyware can also be quite beneficial, but I won’t digress.
Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. For example, giving you a call pretending to be your bank so I can obtain account information is a form of attack that relies on social engineering. Although the foundation of cybersecurity is technology, in the end, most successful attacks contain at least one social engineering component.
The popular Facebook attack this week uses the victim’s name and the word “video” in order to entice them to click. Following this action, it directs them through various shortened links to a Google Docs page that hosts an image from the victim’s Facebook photo album. In some cases, the photo has a transparent play button on top, disguised to look like a video. If this link is followed, the user is then directed through a series of websites called a domain chain. Through the chain of links, the adware utilizes special cookies to monitor your activity, hence the name tracking cookies.
Keep in mind that throughout the attack, no malware is actually placed on the victim’s machine. However, through the script, adware is downloaded. In addition, the attackers are making money through the cycling and clicking of ads, as well as gaining access to a host of Facebook accounts.
In order to protect yourself, please be very aware of what you are clicking on, especially links that are shortened and/or contain various special characters. As a general rule, if you are ever redirected to Google Docs from an ad, you can usually bet something fishy is going on. There are a number of scanners online that can test the validity of links before you click on them.
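The warning signs described above (shortened links, special characters, a hop to Google Docs, and a long domain chain) can be checked mechanically against a recorded redirect chain. The following is an added example, not code from this campaign or from any particular link scanner; the shortener list, both thresholds, and the sample chain are illustrative assumptions.

```javascript
// Added example: triage a recorded redirect chain (ordered list of URLs).
// SHORTENERS and both thresholds are illustrative assumptions, not a complete list.
const SHORTENERS = new Set(["bit.ly", "goo.gl", "t.co", "tinyurl.com", "ow.ly"]);
const MAX_DISTINCT_HOSTS = 3; // more hosts than this is treated as a domain chain
const MAX_ESCAPES = 2;        // more %XX escapes than this counts as "special characters"

function triageRedirectChain(chain) {
  const findings = [];
  const hosts = new Set();
  chain.forEach((raw, hop) => {
    let url;
    try {
      url = new URL(raw);
    } catch {
      findings.push(`hop ${hop}: unparseable URL`);
      return;
    }
    const host = url.hostname.toLowerCase();
    hosts.add(host);
    if (SHORTENERS.has(host)) {
      findings.push(`hop ${hop}: shortened link (${host})`);
    }
    // Landing on Google Docs as the result of a redirect, not as the first link.
    if (hop > 0 && host === "docs.google.com") {
      findings.push(`hop ${hop}: redirected to Google Docs`);
    }
    const escapes = ((url.pathname + url.search).match(/%[0-9a-f]{2}/gi) || []).length;
    if (escapes > MAX_ESCAPES || url.username !== "" || host.includes("xn--")) {
      findings.push(`hop ${hop}: special characters in URL`);
    }
  });
  if (hosts.size > MAX_DISTINCT_HOSTS) {
    findings.push(`domain chain: ${hosts.size} distinct hosts`);
  }
  return { distinctHosts: hosts.size, findings, suspicious: findings.length > 0 };
}

// Constructed sample chain (placeholder paths, reserved .example domains).
const SAMPLE_CHAIN = [
  "https://bit.ly/PLACEHOLDER1",
  "https://t.co/PLACEHOLDER2",
  "https://docs.google.com/document/d/PLACEHOLDER/view",
  "http://ads-one.example/r?u=%68%74%74%70%3a",
  "http://ads-two.example/landing",
];

console.log(triageRedirectChain(SAMPLE_CHAIN));
```

A chain that stays on one host with no shorteners returns an empty findings list, so the function can be run over proxy or browser-history exports to surface only the chains worth a closer look.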
In addition, most browsers support the installation of extensions that add extra functionality, including those whose function is to block ads, such as Adblock Plus. There are also free ad blocker extensions specifically for Facebook and other social media sites. As always, it comes down to a simple rule - think before you click!
