Malware Thriving On Facebook Apps
Ever wonder just how big the Facebook juggernaut is? Facebook reports over 500 million users spend over 700 billion minutes per month on Facebook interacting with over 900 million objects (pages, groups and events) and 30 billion pieces of content (web links, blog posts, photo albums, etc). You don’t have to hear those staggering statistics to realize the degree to which Facebook has become integrated into our society.
With the reach, scale, social nature and viral capabilities afforded by Facebook, it’s not surprising the platform attracts some nefarious users. Malware distributors and scammers are always on the lookout for effective distribution points and methods. The Facebook platform provides them an exploitable platform in their attempts to dupe the end user.
Malware distribution and scams aren’t anything new on Facebook, although they have been getting more media attention lately. Indeed, malware vendors have used social engineering as an effective means of distribution long before Facebook even existed. But how common is malware distribution through Facebook?
In October, BitDefender released a Facebook app, Safego, which helps protect Facebook users’ privacy and limit their exposure to malicious links. BitDefender has now released a report with statistical data related to exposure to malware links based on data collected by Safego.
According to Caroline McCarthy, of CNET, BitDefender’s report came up with some interesting findings. To summarize those findings:
- Data was collected from the News Feed of 14,000 Facebook users who installed the Safego app.
- 20 percent of Facebook users were exposed to malicious posts in their news feeds of their friends. These were posts that, when clicked on, resulted in “the user’s account being hijacked and in malware being automatically posted on the walls of the respective user’s friends.”
- Over 60 percent of the attacks came from notifications by malicious third-party Facebook applications labeled as “attack apps.”
- 16 percent of malware exposure was achieved by enticing users to view some type of shocking video.
- 5 percent of the attacks were connected to exposure to viruses.
The study further looked at the most common method of attack, malicious third-party apps, and found the following:
- 21.5 percent were apps that claimed to perform some type of function Facebook normally prohibits, such as seeing who has viewed your profile or who has “unfriended” you.
- 15.4 percent entice users with bonus items for Facebook games like Farmville.
- 11.2 percent offer bogus Facebook features like free backgrounds and “dislike” buttons.
- 7.1 percent offer new versions of well-known gaming software.
- 5.4 percent claim to give away free cell phones.
- 1.3 percent offer a way to watch movies free online.
I’ve seen all the kinds of “attack apps” listed by BitDefender on Facebook. It is interesting that BitDefender seems to be labeling all of them as malware when not all lead to the additional installation of software on the end user’s computer. Several of them lead to questionable gratis type offers instead, which have earned the nickname Scamville, coined by TechCrunch’s Mike Arrington.
Some of the apps mentioned by BitDefender are also at the center of recent civil suits filed by Facebook alleging spamming of their platform. I think it is worth noting that, at least in the context of Facebook applications, a security company is classifying marketing offers viewed as deceptive to the end user as malware.
Malware is no longer about the kiddie geek hunched over their computer in mom’s basement serving up malicious code for nothing more than bragging rights on ICQ and the hacker forums. It’s a business, focused, as businesses tend to be, on making money. That’s not to say it’s a legal business, but the goal is to make money and the mechanism is malware. One may immediately think of blatantly criminal activities such as identity theft, data theft and phishing attacks as the monetization mechanisms for malware. But online marketing channels are also a preferred choice for malware monetization.
One of the more recent and well-documented examples of the monetization of malware utilizing social media as the mechanism of distribution is Koobface (pdf file), a worm targeting social networks where infected computers became part of a botnet engaging in PPC search click fraud and PPI (Pay Per Install) of bogus security software. The Information Warfare Monitor released a very in-depth report on Koobface (pdf file) providing proof of over $2 million earned over a one-year period. While rather long, the report also provides an insightful look into the workings of a malware operation and the challenges faced by security companies, distribution points such as Facebook and law enforcement in combating these types of criminal activity.
Affiliate marketing is not the only online marketing channel at risk for such activity, although we probably talk about it more than in other channels. Any and all channels can be and are being impacted, especially DSPs. Most online marketers are aware of issues surrounding channel conflict and channel cannibalization that can arise from normal surfing and shopping behaviors by end users. When malware and/or adware applications are injected into the equation, those issues can become even more complex.
A better understanding of how these applications are actually behaving and monetizing through the various online marketing channels is critical to the advertiser’s ability to detect potential fraud and abuse in their campaigns. The responsibility of combating malware shouldn’t fall only to security companies and law enforcement. When malware is being written and distributed with the primary intent of profiting from online marketing dollars, then that responsibility also falls to online marketers.
Over the next several weeks, I will be posting analysis of some of the types of malware and adware currently being distributed which are monetizing themselves through online advertising dollars. We’ll look at who is behind some of these applications, how the applications behave, which marketing channels are being targeted, which marketing companies are funding these applications and how these applications can impact marketing efforts and channels.
About Kellie Stevens
You can follow Kellie on Twitter: @KellieAFP.