Despite attempts at enhancing its security posture, Facebook is still riddled with keyloggers, Trojans and other malware hidden in malicious links or on its third-party apps, according to recent statistics released by security firm BitDefender.
Data released from BitDefender's Facebook security and privacy app, Safego, indicated that about 20 percent of the 14,000 users installing the app were subjected to malware contained on the social networking site.
BitDefender found that more than 60 percent of the Facebook malware attacks were delivered via innocuous-looking apps, such as games and quizzes, that in reality installed malicious code upon download.
The largest share of malicious downloads, around 21 percent, came from apps promising to perform functions normally prohibited by Facebook, such as offering users the ability to see who deleted or viewed their profile.
Other malware -- about 15.4 percent -- was distributed through various third-party games hosted by Facebook, usually touting ways to win extra prizes on FarmVille and Mafia Wars.
In addition, 11.2 percent of malware was downloaded via special features not normally offered by Facebook, such as changing the background of a profile or adding a "Dislike" button. Other distribution methods included offers for new editions of famous games, free phone giveaways and free online movie offers.
Once installed, the malware then found its home on users' walls and on their friends' walls, or was sent through messages encouraging friends to install it. Other spreading mechanisms included requesting that the user share the application with friends in order to use it, or requiring the user to click banners a set number of times to activate the application.
BitDefender found that a total of 16 percent of attacks used worms that spread rapidly through social engineering tricks, typically specially crafted messages designed to get attention, which generally invited users to view a short movie.
The worm spread when users clicked the Play button and were then asked to click a Like button. In another case, users were asked to share the displayed page and to click a banner a number of times before being allowed to see the video.
BitDefender released its Facebook security app, Safego, in October. The app scans users' Facebook profiles for privacy gaps, identifies any personally identifying information that can be accessed by strangers, and detects malicious links and malware hidden on users' walls, inboxes and shared photos and videos.

