Engineering professors and graduate students at University of California-Riverside have coined a new term to describe malware distributed on social networks, but they didn’t stop there: They also developed an app to fight it.

“Socware” – pronounced “sock-where” – describes all criminal and parasitic behavior on Facebook and other online social networks (SOCial-WARE, get it?). But the term may be secondary news compared to the app the researchers released, which they claim stopped 97% of all socware while blocking legitimate messages only 0.005% of the time.

A white paper outlines the study, which included 12,000 people who had installed the MyPageKeeper app and their collective 2.4 million friends. All in all, the study analyzed more than 40 million messages sent on Facebook.

The researchers, who described socware as an escalating arms race between scam artists and Internet security firms, said traditional blacklists, which have been used to block malware in email, have become ineffective as more communication has moved onto platforms like Facebook. They also found an increase in malware programs that hijacked accounts for the paid liking services I wrote about last month.

“Facebook is becoming the new epicenter of the Web, and we showed that hackers are adapting to this change by designing new types of malware suited to this platform, which we call socware,” they wrote.

A Sucker Born Every Minute

Seasoned and even ordinary Internet users are often left wondering “Who the hell would fall for that?” For example, MyPageKeeper researchers analyzed the data in their study and found:

  • Only 54% of socware messages included URLs that had been shortened using a link shortener. The researchers had expected the number to be higher, as shortened links can hide suspicious-looking URLs – but apparently suspicious URLs don’t bother some users.
  • Of the un-shortened URLs, the scammers often used what the researchers called “obviously fake domain names,” including and
  • Certain words should be warning signs for users: “OMG,” for example, was 332 times more likely to appear in a socware status update, while the word “bank” was 56 times more likely to appear in socware messages.

Anyone who clicks on a suspect link is vulnerable, but Facebook seems to be the chosen stomping ground for socware criminals. About one in five of the socware links were hosted on Facebook itself, and thousands of socware messages were sent through the network every day.

Facebook declined comment, saying it does not comment on third-party reports and papers.

“Malware on Facebook seems to be hosted and enabled by Facebook itself,” Michalis Faloutsos, a professor of computer science and engineering, said in a statement. “It’s a classic parasitic kind of behavior. It is fascinating and sad at the same time.”

dave copeland