Facebook will pass all URLs posted on the social networking site through Websense's real-time link scanner to ensure they are safe before allowing users to proceed.
Facebook is partnering with Websense to
protect users from clicking on links on the social networking site that may
direct them to malicious Websites.
When a user clicks on a link, Facebook
will first check the link against Websense's system to determine whether it's
safe, Websense said Oct. 3. If the link is identified as not safe, the user is
shown a message stating the link is potentially harmful and suggests returning
to the previous page. The message provides a brief explanation of why the link
was flagged by Websense.
The "return to previous page"
button is located on the bottom-right of the message and is very prominent to
encourage users to click on the button. For users who want to proceed despite
the risk anyway, there's a smaller "ignore this link" to the
bottom-left. Facebook is expected to start rolling out the system to all users
starting Oct. 3.
"We are excited about our
partnership with Websense to provide industry-leading tools to help our users
protect themselves," said Dan Rubinstein, Facebook's product manager for
"ThreatSeekerCloud" is a classification and malware identification
platform capable of analyzing threats in real time, according to Websense. The
Advanced Classification Engine used by the cloud system blocks known malware
sites and shortened URLs such as those using bit.ly. It can also analyze
unknown sites to determine whether they are safe.
"Every day, Websense Security Labs
works to discover, investigate and report on advanced Internet threats that are
designed to circumvent antivirus products," said Dan Hubbard, Websense's
It seems that almost every day there is
a new Facebook scam
geared toward persuading users
to click on a link. Attackers are increasingly using social media to distribute malware
users into visiting malicious sites.
The links may promise exclusive video,
such as the campaign that killed Osama bin Laden, a bullying victim
who fights back or some kind of
titillating clip that begins with "I can't believe ..." While some of
the links may just direct users to a survey site or a click-jacking site,
others are loaded with malware, which are downloaded onto the victim's
computer. Sophos researchers regularly post warnings about the latest scams on
the Naked Security blog.
ThreatSeekerCloud is just another
weapon in Facebook's growing arsenal of link scanners. Facebook maintains its
own proprietary database of malicious URLs and has other mechanisms in place to
keep malware and scams off the site, the company has said in the past.
In addition, Facebook partnered with
application management service Web of Trust
in May to also scan links posted by
users on the site. Web of Trust checks whether links are classified as spam,
malware or phishing, and posts its own warning message when it detects any
suspicious links. Web of Trust relies on a crowd-sourced database consisting of
submissions from a community of users who have the Web browser extension
installed and report malicious sites.
Facebook will continue using Web of
Trust to provide users with multiple layers of protection.
In addition, a Facebook app called Defensio
, also from Websense, allows users who
maintain Facebook Pages to control links that are posted on the page. Defensio
can be configured to block malicious content as well as other categories,
including gambling, drugs, hate speech, violence and adult content.
"Facebook cares deeply about
protecting users from potentially malicious content on the Internet," said