Facebook Still Plagued With Malware, Security Firm Says

Despite attempts at enhancing its security posture, Facebook is still riddled with keyloggers, Trojans and other malware hidden in malicious links or on its third-party apps, according to recent statistics released by security firm BitDefender.

Data released from BitDefender's Facebook security and privacy app, Safego, indicated that about 20 percent of the 14,000 users installing the app were subjected to malware contained on the social networking site.

BitDefender found that more than 60 percent of the Facebook malware attacks were delivered via innocuous looking apps, such as games and quizzes, but which in reality installed malicious code upon download.

The largest share, around 21 percent, of malicious downloads came from apps promising to perform functions normally prohibited by Facebook, such offering users the ability to access who deleted or viewed the users' profile.

Other malware -- about 15.4 percent -- was distributed through various third party games hosted by Facebook, usually touting ways to win extra prizes on FarmVille and Mafia Wars.

In addition, 11.2 percent of malware was downloaded via special features not normally offered by Facebook, such as changing the background of a profile or a "Dislike" button. Other distribution methods included offers for new editions of famous games, giveaway free phones and free online movie offers.

Once installed, the malware then found its home on users' and on their friends walls, or was sent through messaging encouraging friends to install it. Other spreading mechanism variants included a request that the user share the application with friends in order to use it, or requiring the user to click banners a determined number of times to activate the application.

BItDefender found that a total of 16 percent of attacks used worms that spread rapidly based on social engineering tricks, typically using specially crafted messages designed to get attention, which generally invited users to view a short movie.

The worm spread when users clicked the Play button, and then asked to click a Like button. In another case, users were asked to share the displayed page and to click a banner a number of times before being allowed to see the video.

BItDefender released its Facebook security app Safego in October, which scans users Facebook profile for privacy gaps and identifies any personally identifying information that can be accessed by strangers, and detects malicious links and malware hidden on users' walls, inboxes and shared photos and videos.

Next: Malware Continues To Pummel Facebook

However, the Safego app only provides visibility into a user's Facebook security posture and alerts them to malware, but doesn't block or eliminate the threats.

The findings indicate a growing trend of malware spreading rapidly on the social networking site, even as Facebook bulks up privacy and security measures to fend off malicious threats. One of the most prevalent Facebook threats was the Koobface virus, which wreaked havoc on users' profiles in 2008 and 2009.

And despite attempts from Facebook to stay on top of threats, malware continues to plague the site. Last week, a Facebook application containing a malicious Java applet distributed malware to any user browsing to a specific Facebook application page displayed in an Eastern European language.

In another attack, malware authors circulated an e-mail that issued a fake alert warning users that their Facebook password had been changed and asked them to install an attached app to retrieve it. In actuality, users were downloading an information stealing Trojan.