Fifth of Facebook Users Exposed To Malware

Security software manufacturer BitDefender today released some statistics gleaned from Safego, a Facebook application that it offers to users of the social-network to keep an eye on their vulnerability to malware. The big finding: 20 percent of Facebook users are exposed to malicious posts in their "news feeds" of friends' activity, generally defined as posts that, when clicked on, result in "the user's account being hijacked and in malware being automatically posted on the walls of the respective user's friends."

The numbers were derived from Safego's analysis of news feed items viewed by the 14,000 Facebook users who have installed the app. Considering Facebook has 500 million users around the world, that's a small sample, but it's also a sample of users who, by virtue of installing the app in the first place, indicate that they're relatively security-minded. The "average" Facebook user may well be even more likely to see malicious posts, in theory.

Over 60 percent of attacks come from notifications from malicious third-party applications on Facebook's developer platform, the study found. Within that, the most popular subset of "attack apps" (21.5 percent of total kinds of malware) were those that claim to perform a function that Facebook normally prohibits, like seeing who has viewed your profile and who has "unfriended" you. 15.4 percent lure in users with bonus items for Facebook games like free items in FarmVille; 11.2 percent offer bonus (yet bogus) Facebook features like free backgrounds and "dislike buttons," 7.1 percent promise new versions of well-known gaming titles like World of Warcraft; 5.4 percent claim to give away free cell phones; and 1.3 percent claim to offer a way to watch movies for free online.

Beyond "app attacks," BitDefender found that an additional 16 percent of malware viewed on Facebook entices users to watch some kind of shocking video, like this one that claims to depict an anaconda coughing up a hippo, and that an additional 5 percent of attacks can be connected to viruses like Koobface.
And this isn't all the malware that gets flung across the social network: The BitDefender app only analyzed what's visible in users' news feeds. Private Facebook messages, which were just upgraded and expanded to include many different points of entry last week, are also vulnerable to attack.

Facebook says that it monitors activity routinely and keeps abreast of security concerns as quickly and expediently as possible, but as with anything else on the Web, dealing with malware is always a game of defense.

Read more: http://news.cnet.com/8301-13577_3-20023626-36.html#ixzz16NAmAabs

Facebook Filed Lawsuit Case On Spammers

Facebook announced today that it has filed suit against two individuals and a company that it says are responsible for propagating deceptive spam offers across the massive social network, including some that encouraged members to spam their friends in turn.

"This week, in a U.S. federal court in San Jose, California, we filed three lawsuits alleging violations of our terms and applicable law by defendants attempting to trick people on Facebook into signing up for mobile subscriptions and sending spam to their friends," a blog entry posted by Facebook's security team explained. "In three separate complaints, we allege that Steven Richter, Jason Swan, and Max Bounty, Inc. used Facebook to offer enticing, but non-existent products and services."

The lawsuits, filed Tuesday, allege that Jason Swan of Long Island, N.Y., had been running "more than 27 fake profiles, 13 fake pages, and at least 7 applications as part of an affiliate marketing advertising scam"; that Richter, also of Long Island, had been running about 40 fake profiles and 43 fake pages; and that the Canada-based Max Bounty Inc. had been misappropriating Facebook's logo and using deceptive marketing in its hawking of free gift cards, iPads, and other goods to consumers. All three are charged with violations of the U.S. Computer Fraud and Abuse Act, the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), and other state and federal laws.

Almost exactly a year ago, Facebook was awarded $711 million in a court judgment against Sanford Wallace, the self-described "spam king" who had been accused of fraudulently obtaining access to Facebook accounts and then using them to run phishing scams. Among other things, Wallace is now permanently banned from Facebook.

In another judgment related to CAN-SPAM violations, this one in 2008, Facebook was awarded $873 million.

"Stay tuned as our push against spammers and scammers escalates over the next month, year and beyond," the post from Facebook today read. "We have other actions pending, and there will be more to come."

Security on Facebook has been a hot topic lately because of a controversial Wall Street Journal investigation that found many of Facebook's major application developers were violating the social network's terms of service by selling some user information to marketers. The report was assailed by many tech industry professionals who said that it made too much fuss about something that actually wasn't particularly surprising or alarming, but others have argued that the real problem is that Facebook didn't appear to be doing enough to police its advertisers and developers for terms of service infractions.

View the original article here