Students battle Facebook malware with security app


Facebook accounts for about 5 percent of all phishing attacks.

An application designed by a University of California Riverside student duo has a built-in customer base: the thousands of Facebook members whose accounts are littered with spam and malware every day, along with college IT directors afraid those hacker postings will harm the campus’s network.

Even the most vigilant Facebook members can miss malware posted to their account when hackers use stolen user names and passwords to spread harmful links using enticing deals like free Apple iPads or Southwest Airlines flights, or advertising supposed video of Osama Bin Laden’s death.

Read more about Facebook in higher education…

Social media in higher ed: Friend or foe?

Can Facebook posts lead to college rejections?

Feeling down? Update your Facebook status, students say

MyPageKeeper, created by UC Riverside Ph.D. students Ting-Kai Huang  and Sazzadur Rahman, once downloaded, scans a Facebook user’s news feed for potential spam and phishing attempts and sends warnings detailing security compromises.

This not only safeguards the user’s Facebook account, but also the accounts of his or her friends who might click on fraudulent links that launch covert attacks against personal computers when clicked.

MyPageKeeper has been downloaded by more than 3,000 Facebook account holders since its beta version launch in mid-June.

“We have to leverage the power of the people to counteract the high-tech intelligence of the hackers,” said Michalis Faloutsos, a professor of computer science and engineering at UC Riverside and creator of StopTheHacker.com, a site offering a host of anti-malware programs. “Otherwise, things could be very difficult” for college students and others who log onto Facebook several times a day.

Facebook is among the most phished sites on the internet, according to a 2010 report released by antivirus vendor Avira. Phishing attacks – provocative links posted to people’s Facebook pages by hackers posing as the account holder – jumped by 64 percent in July 2010, the report said.

Facebook accounts for 5.7 percent of all phishing attacks, more than Google or the IRS, but only a fraction of PayPal, which accounts for 52 percent of phishing scams.

Faloutsos  said Facebook frequenters, especially tech-savvy college students, are more aware of common phishing and malware schemes than they were when hackers first employed the tactic several years ago, but as long as malicious posts appear in the ever-changing news feed, the threat remains.

“I believe in general there’s a great lack of awareness when it comes to security,” he said. “Hackers have become better and better at this over time … and their attempts are more clever than ever.”

Campus technologists have long fretted over the malware that can sneak into a college’s network when students click on suspicious Facebook links and give access to hackers trolling for personal information.

“It’s an ever-changing battle for us,” said Jonathan Domen, a network analyst at Bryant University in Smithfield, R.I., a private campus with about 3,600 students. “It really comes down to getting a handle on it really quickly before people start clicking and things get much worse.”

Raymond Rose, a longtime educational technology developer, said programs designed to monitor social media would be welcomed on college campuses, where Facebook users might be dangerously unaware of internet security issues.

“I’m not sure how many students pay attention to the security issues so, an app has got to help, and it’s important to help all computer users, not just college students, attend to cyber security issues,” Rose said. “Any tool that helps is worthwhile, but campus IT officials should be doing more than encouraging students to protect against Facebook malware.”

Blocking Facebook, campus technology chiefs said, isn’t an option, because so many students use the site for social and educational purposes, connecting to classmates and professors alike.

“We have to walk a very fine line,” said Domen, adding that Bryant’s network blocks students from accessing Facebook applications that are especially vulnerable to malware.

Bryant University uses a program that isolates potential phishing victims and blocks their access to the campus network until the student has followed instructions that help him or her fix the security breach.

It usually takes students about three minutes to clear malware picked up through social media, Domen said.

MyPageKeeper joins another popular anti-malware Facebook application that gained traction in higher education last fall.

BitDefender’s Safego reviews Facebook pages using cloud computing and provides a privacy rating that tells users how vulnerable they are to a social media phishing attack.

Facebook use is “already embedded” in higher education, Domen said, meaning IT officials will have to tread lightly in policing Facebook use among its network users.

“It seems like there’s only a handful of people on campus that aren’t on Facebook,” he said. “So this challenge is going to continue.”