Malware Thriving On Facebook Apps

Ever wonder just how big the Facebook juggernaut is? Facebook reports over 500 million users spend over 700 billion minutes per month on Facebook interacting with over 900 million objects (pages, groups and events) and 30 billion pieces of content (web links, blog posts, photo albums, etc). You don’t have to hear those staggering statistics to realize the degree to which Facebook has become integrated into our society.

With the reach, scale, social nature and viral capabilities afforded by Facebook, it’s not surprising the platform attracts some nefarious users. Malware distributors and scammers are always on the lookout for effective distribution points and methods. The Facebook platform provides them an exploitable platform in their attempts to dupe the end user.


Malware distribution and scams aren’t anything new on Facebook, although they have been getting more media attention lately.  Indeed, malware vendors have used social engineering as an effective means of distribution long before Facebook even existed. But how common is malware distribution through Facebook?

In October, BitDefender released a Facebook app, Safego, which helps protect Facebook user’s privacy and exposure to malicious links. BitDefender has now released a report with statistical data related to exposure to malware links based on data collected by Safego.

According to Caroline McCarthy, of CNET, BitDefender’s report came up with some interesting findings. To summarize those findings:

  • Data was collected from the News Feed of 14,000 Facebook users who installed the Safego app.
  • 20 percent of Facebook users were exposed to malicious posts in their news feeds of their friends. These were posts, that when clicked on, resulted in “the user’s account being hijacked and in malware being automatically posted on the walls of the respective user’s friends.”
  • Over 60 percent of the attacks came from notifications by malicious third-party Facebook applications labeled as “attack apps”.
  • 16 percent of malware exposure was achieved by enticing users to view some type of shocking video.
  • 5 percent of the attacks were connected to exposure to viruses.

The study further looked at the most common method of attack, malicious third-party apps, and found the following:

  • 21.5 percent were apps that claimed to perform some type of function Facebook normally prohibits, such as seeing who has viewed your profile or who has “unfriended” you.
  • 15.4 percent entice users with bonus items for Facebook games like Farmville.
  • 11.2 percent offer bogus Facebook features like free backgrounds and “dislike” buttons.
  • 7.1 percent offers new versions of well known gaming software
  • 5.4 percent claim to give away free cell phones.
  • 1.3 percent offer a way to watch movies free online.

I’ve seen all the kinds of “attack apps” listed by BitDefender on Facebook. It is interesting that BitDefender seems to be labeling all of them as malware when not all lead to the additional installation of software on the end user’s computer. Several of them lead to questionable gratis type offers instead, which have earned the nickname Scamville coined by Techcrunch’s Mike Arrington.

Some of the apps mentioned by BitDefender are also at the center of recent civil suits filed by Facebook alleging spamming of their platform. I think it is worthy to note that, at least in the context of Facebook applications, a security company is classifying marketing offers viewed as deceptive to the end user as malware.


Malware is no longer about the kiddie geek hunched over their computer in mom’s basement serving up malicious code for nothing more than bragging rights on ICQ and the hacker forums. It’s a business; focused as businesses tend to be on making money. That’s not to say it’s a legal business, but the goal is to make money and the mechanism malware. One may immediately think of such blatantly criminal activities such as identity theft, data theft and phishing attacks as the monetization mechanisms for malware. But online marketing channels are also a preferred choice for malware monetization.

One of the more recent and well documented examples of the monetization of malware utilizing social media as the mechanism of distribution is Koobface (pdf file), a worm targeting social networks where infected computers became part of a botnet engaging in PPC search click fraud and PPI (Pay Per Install) of bogus security software. The Information Warfare Monitor released a very in-depth report on Koobface (pdf file) providing proof of over $2 million earned over a one year period. While rather long, the report also provides an insightful look into the workings of a malware operation and the challenges faced by security companies, distribution points such as Facebook and law enforcement in combating these types of criminal activity.

Affiliate marketing is not the only online marketing channel at risk for such activity, although we probably talk about it more than in other channels. Any and all channels can be and are being impacted, especially DSPs.  Most online marketers are aware of issues surrounding channel conflict and channel cannibalization that can arise from normal surfing and shopping behaviors by end users. When malware and/or adware applications are injected into the equation, those issues can become even more complex.

A better understanding of how these applications are actually behaving and monetizing through the various online marketing channels is critical to the advertiser’s ability to detect potential fraud and abuse in their campaigns. The responsibility of combating malware shouldn’t fall to only security companies and law enforcement. When malware is being written and distributed with the primary intent of profiting from online marketing dollars, then that responsibility also falls to online marketers.

Over the next several weeks, I will be posting analysis of some of the types of malware and adware currently being distributed which are monetizing themselves through online advertising dollars. We’ll look at who are behind some of these applications, how the applications behave, which marketing channels are being targeted, which marketing companies are funding these applications and how these applications can impact marketing efforts and channels.

About Kellie Stevens

You can follow Kellie on Twitter: @KellieAFP.

8 Responses to Malware Thriving On Facebook Apps

  1. Kathy Austin says:

    Very good article! Well-written and imformative. Great job!

  2. @harrisja says:

    Spam and malware is a huge issue on any site where folks exchange links and discuss them.

    Twitter and Facebook are having issues with malware-laiden links – especially those that are shortened with or

    Luckily, safego for Facebook can help protect against these threats. Check it out – I use it personally and have recommended it to my friends.

    disclosure: I work with BitDefender

  3. Justin Dupre says:

    Very informative post! Great insight on affiliate marketing.

  4. Pat Grady says:

    You go girl!
    I look forward to your analysis you mentioned is coming!

  5. Thanks Kat. Disclaimer: That's my big sis. I'm trying to get her doing some affiliate biz stuff. I'll work on you while your here for the holidays <hint hint>

    @harrisja Thanks for coming by and commenting. It's a constant battle and I'm amazed a tthe number of people who still don't use any type of security software (legitimate) when online. I'm planning on giving Safego a spin myself to see what all it's detecting.

    I've also always held that the online marketing industry should be working more closely with the security companies in their compliance efforts. Maybe one day…..

    Justin, thanks for reading and commenting.

    Pat, I'll dedicate one of them just to your. 😉

  6. Vinny O'Hare says:

    Very informative article I will will be looking forward to reading the rest of your reports. Keep up the good work Kellie

  7. Thanks for the kind words Vinny. Glad you stopped by for the read.