Websense Scans URLs Posted on Facebook to Identify Malicious Links

Facebook will pass all URLs posted on the social networking site through Websense's real-time link scanner to ensure they are safe before allowing users to proceed.

Facebook is partnering with Websense to protect users from clicking on links on the social networking site that may direct them to malicious Websites.

When a user clicks on a link, Facebook will first check the link against Websense's system to determine whether it's safe, Websense said Oct. 3. If the link is identified as not safe, the user is shown a message that states the link is potentially harmful and suggests returning to the previous page. The message provides a brief explanation of why the link was flagged by Websense.

The "return to previous page" button is located on the bottom-right of the message and is very prominent, to encourage users to click on it. For users who want to proceed despite the risk, there's a smaller "ignore this link" option at the bottom-left. Facebook is expected to start rolling out the system to all users on Oct. 3.

"We are excited about our partnership with Websense to provide industry-leading tools to help our users protect themselves," said Dan Rubinstein, Facebook's product manager for site integrity.

Websense's "ThreatSeekerCloud" is a classification and malware identification platform capable of analyzing threats in real time, according to Websense. The Advanced Classification Engine used by the cloud system blocks known malware sites and shortened URLs such as those using bit.ly. It can also analyze unknown sites to determine whether they are safe.

"Every day, Websense Security Labs works to discover, investigate and report on advanced Internet threats that are designed to circumvent antivirus products," said Dan Hubbard, Websense's CTO.

It seems that almost every day there is a new Facebook scam geared toward persuading users to click on a link. Attackers are increasingly using social media to distribute malware by tricking users into visiting malicious sites.

The links may promise exclusive video, such as footage of the campaign that killed Osama bin Laden, a bullying victim who fights back or some kind of titillating clip that begins with "I can't believe ..." While some of the links may just direct users to a survey site or a click-jacking site, others are loaded with malware, which is downloaded onto the victim's computer. Sophos researchers regularly post warnings about the latest scams on the Naked Security blog.

ThreatSeekerCloud is just another weapon in Facebook's growing arsenal of link scanners. Facebook maintains its own proprietary database of malicious URLs and has other mechanisms in place to keep malware and scams off the site, the company has said in the past.

In addition, Facebook partnered with application management service Web of Trust in May to also scan links posted by users on the site. Web of Trust checks whether links are classified as spam, malware or phishing, and posts its own warning message when it detects any suspicious links. Web of Trust relies on a crowd-sourced database consisting of submissions from a community of users who have the Web browser extension installed and report malicious sites.

Facebook will continue using Web of Trust to provide users with multiple layers of protection.

In addition, a Facebook app called Defensio, also from Websense, allows users who maintain Facebook Pages to control links that are posted on the page. Defensio can be configured to block malicious content as well as other categories, including gambling, drugs, hate speech, violence and adult content.

"Facebook cares deeply about protecting users from potentially malicious content on the Internet," said Rubinstein.