Facebook Malicious Links Remain a Challenge, BitDefender Reports

BitDefender's scans of millions of Facebook posts revealed more than 20 percent of the people using the company's safego product had been exposed to threats.

Facebook has made several announcements this year related to privacy and security, but the malicious applications hidden behind some of the links circulating the social network still pose a problem.

This was underscored by recent analysis by BitDefender of thousands of people using its safego product. According to the company, 22.4 percent of safego users are exposed to malicious posts.

"Safego scans anything that it's shown on your Facebook wall," explained Catalin Cosoi, head of BitDefender's online threats lab. "At this moment, the app has been installed by almost 17,000 Facebook users and we've so far scanned more than 30,000,000 wall posts. From these 17,000 users, we found that more than 20 percent had something interesting."

"The threats we are talking about," he explained, "are menaces that the user gets exposed to, like a link that you should not click or a third-party app that you should not install. Only a small percent of those threats were actually linking to malware. Most of the time, these are apps that will promise the user extra features, or different games, in order to convince you to install them. Once you do, they will post messages on your behalf (in order to continue spreading) and will have access to your personal information."

With Facebook now at 500 million-plus users, many organizations have been faced with the prospect of designing policies to govern use of the site by employees. A recent poll by Webroot found that 50 percent of the 1,000 U.S. and U.K.-based businesses surveyed blocked employees from accessing social networks from any computer owned computer.

"One in six of those we surveyed said a social networking site or Web 2.0 application was the source of an infection or attack, and over half of companies said their network was infected with spyware this year," Gerhard Eschelbeck, CTO of Webroot, explained in a statement Nov. 15. "Every company needs to develop a policy for social networking use and should also deploy reliable Web security services for ongoing protection against zero-day threats."

A similar survey on the attitudes of small to midsized businesses (SMBs) towards social networks released by Panda Security in September found that nearly 57 percent of the 315 people surveyed work at a company with a social media governance policy in place. Eighty-one percent said there are employees to actively enforce those policies. Additionally, some 64 percent of respondents reported having formal training programs in place to educate employees on the risks and benefits of social media.

If businesses ban social networks, users would just go around the blocking, heading towards proxy websites or other methods, Cosoi said.

"By banning them, users might expose themselves and the corporate networks to threats that are far worse," he said. "I think (Facebook) educating its users on threats and security would be a good start."