Does Facebook Need Its Own Anti-Malware Service?

Does Facebook need to run its own anti-virus and anti-malware security system? That’s a question that may need to be addressed in the near future as the now almost 500 million users on the social networking service are facing regular attacks from rogue applications, phishing attempts and other sorts of hacks, not to mention the onslaught of viral, but often completely inaccurate reposted status messages that spread around the network like modern-day chain letters. These messages warn users about some supposed threat occurring on site, but are often either misguided or out-and-out lies.

Is it time for Facebook to step in and do more to protect its network and its users from threats like these?

Rogue Facebook Apps Top Rogue Anti-Spyware During Busy Weekend

The latest threat to make the rounds on Facebook is a rogue application dubbed “Distracting Beach Babes.” The app compromised the security of thousands of users’ accounts by way of status messages that appear to be from friends. But when the users click through on the tantalizing link, they’re asked to give an application permission to run. The app then tells users they must update their “FLV player” before they can see the video. Those that attempt to do so are sent off-site to another page where malware is installed on their computer.

This is hardly the first rogue application to take advantage of Facebook’s automated app approval systems. In fact, only days ago, a similar attack was underway. This one was a link to what was purportedly the “sexiest video ever!” (Those hackers sure know how to entice, don’t they?)

This particular application led to a very busy weekend for anti-virus firms, indicating a major push by rogue Facebook apps, says AVG’s chief research officer, Roger Thompson. Via the AVG website, Thompson reported that from midnight to 9 a.m. on May 15, its anti-malware software blocked more than 30,000 rogue Facebook applications, more than three times the rate of rogue anti-spyware.

In other words, the new anti-malware wave won’t be coming from email, IM or other random websites users are tricked into visiting. It will come from your Facebook friends… or so it will seem.

Thompson acknowledged that Facebook’s security team was “very responsive” in identifying and removing these sorts of rogue applications, but Facebook’s by-default viral nature allowed them to spread rapidly and affect large numbers of users before the apps could be removed. “This attack was actually stunning in terms of scale,” he said.

Rogue Apps, Phishing, Scams and More

Other recent Facebook-related malware attacks have included fake Facebook password reset emails, the seemingly never-ending spread of the Koobface worm, the “stalk my profile” scam (a rogue app with 25 variations, claiming it could tell you who visited your profile), the rogue “like” app (which borrows the infamous like icon), and many others. Other unpatched attack vectors pop up everyday, like this security hole which researcher Joey Tyson (a.k.a theharmonyguy) describes as a “dream situation for phishing.” This vulnerability is especially troubling as it enables a hacker to present a convincing Facebook login page that actually contains the term “facebook.com” within its URL. (See it action here. Can you tell that’s not the real Facebook.com?)

The situation has gotten so bad that users, in an attempt to be helpful, end up spreading around messages about various threats. Unfortunately, the threats they report are often false or are simply harmless bugs that Facebook is fixing, adding to the confusion. Case in point is the warning that anyone who received “tons of friend suggestions” was infected with a virus. The reality, ironically, involved a widespread misunderstanding of the actual Facebook friend suggestion feature. The situation is so out of control that people are now spreading jokes poking fun at the trend itself.

Facebook’s Security Efforts to Date

For what it’s worth, earlier this year, Facebook implemented virus-scanning for the PCs of compromised users after they had fallen victim to an attack. The company also runs its own Security Page, which serves as a warning system of sorts. The page now has over 1.8 million fans (or in the new lingo, “people who like this”). But on a network of nearly 500 million, this is the equivalent of a drop in the bucket. And it may not be enough to combat this ever-growing threat.

Sophos security researcher Graham Cluley recently pondered this same question, asking, “Isn’t it time that Facebook set up an early warning system on their network, through which they can alert their… users about breaking threats as they happen?” The impact of such a feature could be dramatic, he explains. “Imagine just how many people could have been protected if a simple message had appeared on all users’ screens warning them of the outbreak.”

Whether an early warning system is actually needed is debatable. Another option would be for Facebook to more closely monitor the applications submitted to its platform. As the New York Times recently reported, “Facebook’s automated system for application developers leaves a door open to the creation and distribution of abusive applications,” even if the apps’ ability to spread is short-lived.

But apps that only live for a few hours can still have thousands of victims. Maybe it’s time for Facebook to make sure they never get to live at all?

Image credits in original article: Facebook; Sophos

Facebook Comments