Security software manufacturer BitDefender today released some statistics gleaned from Safego, a Facebook application that it offers to users of the social-network to keep an eye on their vulnerability to malware. The big finding: 20 percent of Facebook users are exposed to malicious posts in their "news feeds" of friends' activity, generally defined as posts that, when clicked on, result in "the user's account being hijacked and in malware being automatically posted on the walls of the respective user's friends."
The numbers were derived from Safego's analysis of news feed items viewed by the 14,000 Facebook users who have installed the app. Considering Facebook has 500 million users around the world, that's a small sample, but it's also a sample of users who, by virtue of installing the app in the first place, indicate that they're relatively security-minded. The "average" Facebook user may well be even more likely to see malicious posts, in theory.
Over 60 percent of attacks come from notifications from malicious third-party applications on Facebook's developer platform, the study found. Within that, the most popular subset of "attack apps" (21.5 percent of total kinds of malware) were those that claim to perform a function that Facebook normally prohibits, like seeing who has viewed your profile and who has "unfriended" you. 15.4 percent lure in users with bonus items for Facebook games like free items in FarmVille; 11.2 percent offer bonus (yet bogus) Facebook features like free backgrounds and "dislike buttons," 7.1 percent promise new versions of well-known gaming titles like World of Warcraft; 5.4 percent claim to give away free cell phones; and 1.3 percent claim to offer a way to watch movies for free online.
Beyond "app attacks," BitDefender found that an additional 16 percent of malware viewed on Facebook entices users to watch some kind of shocking video, like this one that claims to depict an anaconda coughing up a hippo, and that an additional 5 percent of attacks can be connected to viruses like Koobface.
And this isn't all the malware that gets flung across the social network: The BitDefender app only analyzed what's visible in users' news feeds. Private Facebook messages, which were just upgraded and expanded to include many different points of entry last week, are also vulnerable to attack.
Facebook says that it monitors activity routinely and keeps abreast of security concerns as quickly and expediently as possible, but as with anything else on the Web, dealing with malware is always a game of defense.