What Consumers Should Know About Facebook and Malware, From the Head of BitDefender's Online Threats Lab

By Katie Kindelan

It’s not the mobile device that’s endangering your Facebook, it’s your Facebook that’s endangering your mobile device. That’s the headline of a new study from security firm BitDefender that identified social media as the biggest threat for introducing malware on mobile devices.

The results should be a wake-up call to all social network users, so we went straight to the source to get more answers, speaking with Catalin Cosoi, head of the BitDefender Online Threats Lab. He tells us what users should know about the study and what they can do to protect themselves.

Social Times: How was the study conducted?

CC: The study analyzed a particular URL from a Facebook scam that spread a worm to the users who clicked on the link in a Facebook status that promised to expose the reason why a girl was expelled from school. This URL generated 28,672 clicks, 24% of which originated from mobile platforms. Users who clicked on the link – whether on their PC or mobile device – downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme. It goes to show that scams targeting social networks could pose a huge threat to mobile security.

Social Times: What is the most important headline, or lesson, from the study for social network users?

CC: The biggest headline coming out of the study is that there are several scams already lurking on social networks that manage to trick users no matter the platform they use. With more users browsing social networking websites from their cell – they too can fall victim to scams, and in quite big numbers (1/4). So the best headline would be that scams on mobile phones are very close to the ones on PCs.

This study is just one example of the scams that are taking place right now on social networking sites – and we are seeing more and more pop up every week. If you see a “call to action” on someone’s status that is enticing you to click on an unknown link, double check that this person’s site wasn’t already hacked. Otherwise, you could be the next victim. The users should be aware that these threats exist, and besides just posting statuses on the user’s behalf, they also leak private information from the social network profile, which can later be used for targeted attacks.

Social Times: How can users protect themselves?

CC: It’s important for social network users to really take a look and trust the link before clicking a URL in someone’s status. With the popularity of these social networking sites, spammers and other cybercriminals are going to continuously find new ways to spread e-threats via these channels – which is why users need to be aware of the dangers clicking on unknown URLs can pose to their computer’s health. Also, BitDefender has a product called BitDefender safego, which is a free application, now in beta, designed to protect Facebook users from spam and from other e-threats. It’s currently adopted by almost 40,000 users already; BitDefender safego offers protection against these types of scams.

Social Times: What is it about mobile devices that makes them more vulnerable to attack?

CC: The problem with mobile devices is that sometimes the screens are so small it’s harder to tell whether or not a link looks suspicious, and with the growing popularity of smartphones, more and more people are visiting social networking sites on these devices. Hence, more people being infected through their phone. Also, when browsing from your cell, you usually go to the most interesting stuff. If the rest can wait until you get in front of a PC, some statuses are really catchy and you really want to check them right away. And since these apps use really social engineered statuses, they are designed to look really catchy.

Social Times: Is one type of mobile device more vulnerable than others to clicking through on a malware scheme?

CC: No – unfortunately the vulnerability level stays the same on all devices, unless the device isn’t connected to the Internet.

Social Times: Should wireless carriers take more responsibility for protecting people from these things or is it Facebook’s responsibility?

CC: Wireless carriers should take some steps to better secure their users (malicious apps, email and SMS spam, etc.). Unfortunately, none of these steps are related to these types of scams, since they target a specific service. This problem can be addressed by the owner of the service/social network and/or by security companies.