Social Media Flooded With Tasteless MH17 Spam

If you come across Facebook pages showing pictures of MH17 crash victims or tweets with URLs redirecting to the disaster reports, beware – they might have malware, or redirect to pornographic or spammy websites.


Photo: Ahmad Faizal Yahya / Shutterstock

We are witnessing a distasteful trend among cybercriminals as they leave no occasion to spread malware or capture the financial information of users. There are people who will stop at nothing to victimize others.

This new trend consists of Facebook pages and tweets that are related to MH17, the Malaysian Airline Boeing 777 aircraft that was recently shot down over Ukraine. The plane was carrying 15 crew members and 283 passengers. Until now, it’s not clear who is responsible for this tragic event, and Ukraine and the insurgents are blaming each other.

Within just a week of this incident, at least six fake Facebook pages have popped up with the names of the victims. According to the Sydney Morning Herald, three fake pages were made using the names of children who died in the explosion.

Most of these Facebook pages were related to click fraud. These pages displayed a link to the visitors and claimed that the link has detailed information about the plane crash. When the users clicked on the link, they are welcomed by multiple pop-up ads for shady services like pornographic content and online gambling. Many pages have been shut down by Facebook, but scammers are coming up with new pages.

Victims being highlighted by these pages include Liliane Derden, Fatima Dyczynski, and three children – Evie, Otis, and Mo Maslin. The scam also focused on victims from other nations, including Rob Ayley, Quinn Lucas Schansman, Eugene Jin Leong, Ben Pocock, Richard Mayne, and Liam Sweeney.

Although Facebook has taken down some pages, their external sites remain live. One such page was linked to the site The website was registered in Romania in the year 2010, and its IP address shows Netherlands. There are chances that the website has been hacked to divert the visitors to pornographic websites and online stores selling fake drugs. And that’s not all – can take you to malicious files that can infect your computer if you clicked on them.


An example of one of the fake MH17 pages. Photo: Independent

Scammers want to take advantage of the amount of traffic that is going to sites containing information about MH17. By doing this, they have found an easy way to attract some of that traffic to their own websites. Basically, for them, this tragedy is something like an everyday viral concept, which reflects their lack of empathy for others.

Last week, there was an outrage in social media channels against such pages. People labeled these pages as disgusting and the creations of a sick mind. Facebook then removed many of these pages. There were large numbers of “reports” going to Facebook, due to which Facebook had to take action. However, there were many unsuspecting users who posted heartfelt messages on these pages.

Facebook said that as soon as it gets information about a fake MH17 page, it will be taken down. A Facebook spokesperson said, “We are disabling these profiles as soon as we are made aware of them. We encourage people to block those responsible and report suspicious behavior to our team of experts via our reporting buttons so that we can quickly take the appropriate action.”

Spammers are not just on Facebook, but on Twitter as well. There have been many tweets related to the MH17 tragedy. These tweets contain spam links that take users to malicious websites.

According to Trend Micro, a security firm, malicious tweets began circulating as soon as Malaysia Airlines said that it had lost contact with the plane. Cyber crooks are always looking for high profile news events so that they can take advantage of the scenario. The spam situation was similar after the Boston Marathon, Typhoon Haiyan, and the 2011 Japanese tsunami. Twitter accounts crop up after such incidents, asking for retweets to help the victims. These accounts were shut down, but many fake tribute accounts still continued to spread spam.

So think before you click on the links that say “Video Camera Caught the moment plane MH17 Crash over Ukraine”. Such a video doesn’t exist, and you’re surely being duped by someone’s sick attempt to redirect you to a shady website or install a virus on your computer. Instead of clicking on it, you can report the post/tweet to Facebook or Twitter. When you report the case, they ban the account, and thus you can save many computers from getting infected by a virus.