Social Networking

Facebookers’ Feeds Crawling With Malware, Security Firm Finds

Links to malware-infested sites and other threats lurk in many Facebook users’ news feeds, according to research from security vendor BitDefender.

Among approximately 14,000 Facebook users who installed BitDefender’s Safego security and privacy app, about one in five has malware in his or her news feed.

More than 60 percent of the attacks detected by Safego are malicious apps that promise various benefits but install malware when they’re downloaded, BitDefender spokesperson Dan Wire told TechNewsWorld.

Sixteen percent of attacks use worms that spread using specially crafted messages that are likely to attract attention.

However, Wire warned against using those statistics to reflect on Facebook as a whole. “We stipulated that we were talking about 20 percent of the Safego users, not [20 percent] of all Facebook users,” he pointed out.

“The tools and systems we’ve built, combined with concerted campaigns to arm users with the information to make smarter and safer decisions online, have limited the number of Facebook users impacted by security issues to less than 1 percent, and that’s since the founding of the site more than six years ago,” Facebook spokesperson Fred Wolens told TechNewsWorld.

Breaking Down the Safego Stats

To date, about 14,000 people have installed the beta version of Safego, a privacy and security app for Facebook that BitDefender launched about a month ago.

Safego has scanned more than 20 million objects on those users’ pages since then, and it’s found that 20 percent of the users have malware in their news feeds. That means “everything that the user sees — his wall and what his friends post to their walls,” BitDefender’s Wire explained

Just over 21 percent of the malware lets users perform actions normally prohibited by Facebook. Just over 15 percent sucks in victims by offering bonuses for various games hosted by Facebook. For example, they offer free coins on “Farmville” and “Mafia Wars.” More than 11 percent provide features Facebook doesn’t offer. For example, they let you change your background or include a “dislike” button.

Various other forms of attack were also used, but less frequently.

What Safego Does

Safego checks users’ privacy levels and identifies personal information that’s visible to strangers. It also scans the user’s wall, inbox and comments for malicious links and compromised shared content such as videos and photos.

The app also protects users’ friends — users can warn their friends about infected links in those friends’ Facebook accounts.

However, Safego doesn’t block anything; it only warns users of malware.

Going Beyond Facebook

Despite having its own IT security team, Facebook has repeatedly been hit by malware and spam. Only last week, it was hit by a new attack in which a fake email told users their Facebook password had been changed and asked them to install an attached app. When they did so, a Trojan was downloaded instead.

Further, WebSense statistics showed that between June 22 and July 12, 40 percent of all Facebook status updates contain links and 10 percent of those links were either malware or spam.

“We analyzed half a million posts that were collected by Defensio,” Websense spokesperson Patricia Hogan told TechNewsWorld. Defensio is a Facebook security app from Websense.

However, Facebook contends it’s ahead of the game. “The systems we’ve built have helped us stay one step ahead of our attackers so that, as we’ve more than doubled in size over the last year, the actual effect of the attacks on Facebook hasn’t changed,” company spokesperson Wolens said.

Then can Safego spot malware when Facebook’s own security can’t?

“We use our cloud scanning technology in which there’s a synergy of all our products — our antispam, antiphishing and antimalware technology,” BitDefender spokesperson Wire explained. “We also look at applications that don’t necessarily have a malicious payload like stealing money but spread like a worm instead.”

Facebook has begun urging users to make its website their homepage, and that could increase the threat to PC users.

“If you make Facebook your homepage after you’ve been a user for some time, probably nothing dramatic will happen; Facebook will probably just get more users,” BitDefender’s Wire said. “But if Facebook’s site comes as the browser default on a new computer and the user is not aware of security and privacy issues, that would make the problem worse.”

1 Comment

  • This shows us just how insecure facebook is. Malware attacks on facebook are extremely easy. No content on facebook is secure and can be accessed by third parties and advertises. Facebook is too insecure to post any private content. I have personally gotten sick of facebook and quit. I hope MyCube and Diaspora which offer enhanced privacy control restore privacy to Social Media

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels