Facebook’s growing popularity has made it a gateway for viruses and other malware to attack your computer.
So, you like to use Facebook applications. You know who you are: the farmers and city builders, the daily horoscopes and questionnaires, the epic Knights and mobsters. Well, Facebook apps are fine and dandy, but did you know that you can get viruses or other forms of malware through Facebook, or even have your identity stolen? It’s true.
Malware basically refers to any piece of software that’s intended to cause undesirable effects in your computing experience. This might include something as innocuous as spamming you with advertisements, or something as nefarious as stealing your online banking credentials. Because of how sophisticated modern Internet browsers are and because of all the fancy stuff you can do right from within your browser window, one of the things hackers like to do most is called client-side exploitation, which is just a fancy way of saying that they hack you through your Internet browser.
Prevent browser malware
You see, the important thing to know about these kinds of attacks (and make no mistake about it, it is an attack – what would you call it if a mugger on the street attempted to snatch-and-grab your purse? An attack, right?), is that they usually require a little help from you. That could mean you clicked on a link on a website, opened a document such as a PDF or other file, or in this case added a new application to Facebook.
Facebook account infection
Most often, the way people become ‘infected’ with these bits of malware through Facebook is by the installation of an application. A popular scam that has been perpetrated before involved a friend sending the user a message saying, “Someone has a crush on you! Click here to find out who!” When the link was clicked, the user was asked to allow the application to install through Facebook. Facebook has warnings and disclaimers about what types of information the application will be able to access, but most people simply click ‘Accept’ to allow the application to install. At this point, the application takes a look through your friends list and begins to spam the same message out to each of them, hoping they too will install the application. Usually the victim isn’t even aware that these messages are being sent out. This is the malware trying to spread itself without your knowledge, and it’s really annoying to your friends and family.
Why am I being attacked?
Usually these applications are interested in sending spam or advertisements to people, but sometimes their aim is much worse. By taking advantage of security weaknesses in your actual web browser software (Internet Explorer or Mozilla Firefox, for instance), the malware is actually able to make the leap from Facebook onto your computer. At this point, all bets are off, and malware designed in this way is usually designed to do very nasty things, like steal information used to make purchases online (credit card numbers, logins and the like).
How to protect yourself
So I’ve just described a worst-case scenario involving the addition of some Facebook applications. The statistics on identity theft are staggering, and they continue to grow each year. With more awesome and fun stuff to do out there on the Internet and on our mobile devices, bad guys are finding more ways to get us. How can we possibly protect ourselves from these determined criminals?
Here are some pretty simple practices you can follow to make yourself just a little bit safer, on Facebook or otherwise:
- We have to start viewing Facebook applications just like we view applications installed on our home computers. There’s no way for us to really tell what they’re capable of doing, even though they may seem like rainbows and unicorns. If some random guy came up to you on the street and tried to give you a DVD of software, would you take it home and install it on your PC?
- Facebook feels very comfortable, and that’s why the folks at Facebook and the service itself have become immensely successful. But that doesn’t mean it’s safe. The downside to Facebook malware is that it comes from somebody who is already a friend of yours, usually without them knowing it, so you’re more likely to install it. Don’t just quickly click on the links to install the application without reviewing it first. Besides, can you really handle another farm or castle or pony to take care of?
- Attempts to install malware on your computer are becoming very sophisticated; they’re designed to look very legitimate. Keep in mind that applications cannot really alter the “core” functionality of the Facebook service itself. In other words, there’s no way for people making these applications to really change whether there is a dislike button or allow you to have your old format back, so beware of applications claiming to do so. Even if they aren’t designed to harm you in some way, they certainly look suspicious. Remember the old saying: If it sounds too good to be true, it probably is.
- Definitely do not add banking/personal information into Facebook, Facebook applications or other online websites. When you install an application, you typically give it permission to access details of your Facebook account that aren’t visible to other users. This information becomes easily accessible if your account becomes compromised.
- Play around with Facebook’s privacy controls. Facebook as an organization tries to listen to users and design the interface in a way that is appealing to the majority and that helps users protect themselves, but with the advent of applications come some things that limit Facebook’s ability to assist you. They do provide warnings, and they do have privacy settings which can help fine-tune how your account appears to and interacts with other Facebook users. Although these locations are prone to change at any moment, try this: In the top right corner of your Facebook page, click on ‘Account’ and select ‘Privacy Settings’ from the drop-down menu. You should really just become familiar with these settings. There’s not much else to say.
- Under the ‘Account’ drop-down menu, click on ‘Application Settings’ to see a list of applications. Use the drop-down menu at the top right to display applications with different types of access to your account. Look for any applications that you don’t remember installing, and be especially aware of any applications that have the same name as an existing Facebook application or function.
- If you’re really suspicious, legitimate game and application publishers often mention their Facebook applications on their websites, or you can find reviews or other information about the application by doing some quick Google searches. Sometimes if you look up a particular Facebook application, you may also find that it’s a well-known piece of malware, so that’s a pretty obvious tip-off.
Anyway, have fun with Facebook. As a kid who spent a lot of time on the Internet growing up, nobody is more excited than I am about the evolution and growth of the Internet and the technologies that make more awesome interaction with other people possible. As a security consultant, I am very concerned about the possibilities and challenges we face with this same innovation and growth. I’ve seen folks on Facebook that I never thought I would, and that just goes to show you how massively appealing this medium is to such a wide audience. Just remember that conmen are always looking to find and exploit new audiences.