Facebook malware threatens campus web security


Hackers have turned to social media sites in recent years.

Students will click on just about anything posted to their Facebook walls—a social media habit that has brought a flood of malware to college campus networks.

These deceitful Facebook links—posted by hackers who have stolen student login information—have become a primary concern among campus technology leaders, and some colleges and universities are using security programs that isolate student computers before they do damage to the entire campus network.

Much like hackers have used suspicious eMail messages to solicit personal information from web users, spammers are now “clickjacking” Facebook accounts and posting links to friends’ Facebook pages.

It appears to Facebook users that a friend has shared something with them—perhaps a contest to win a cruise or an Apple iPad. If they click the link, their information is stolen, and the process begins again.

For more on keeping campus networks secure, see:

How to Win the Network Security Battle

As millions have flocked to Facebook, phishing—acquiring user names and passwords by posing as a trusted friend—has shifted largely toward social media attacks.

Social networking attacks accounted for about 20 percent of all phishing scams in January 2009, according to a report from Microsoft Security Intelligence. By July, that number had risen to more than 70 percent of all phishing attempts.

About 20 percent of Facebook users have some sort of virus or malware in their profile’s news feed, according to antivirus security company BitDefender.

“It’s an ever-changing battle for us,” said Jonathan Domen, a network analyst at Bryant University in Smithfield, R.I., a private campus with about 3,600 students. “It really comes down to getting a handle on it really quickly before people start clicking and things get much worse.”

Blocking Facebook, campus technology chiefs said, isn’t an option, because so many students use the site for social and educational purposes, connecting to classmates and professors alike.

“We have to walk a very fine line,” said Domen, adding that Bryant’s network blocks students from accessing Facebook applications that are especially vulnerable to malware.

For more on keeping campus networks secure, see:

How to Win the Network Security Battle

Bryant University uses a program that isolates potential phishing victims and blocks their access to the campus network until the student has followed instructions that help him or her fix the security breach.

It usually takes students about three minutes to clear malware picked up through social media, Domen said. The program was made by New Hampshire-based network security company Bradford Networks.

“Quarantining” infected student laptops or campus computers that have been attacked via Facebook is also a way to help students understand the threats that lurk on Facebook, no matter how irresistibly clickable some links might be.

“It’s an awareness program to let students know not to do this,” said Frank Andrus, chief technology officer for Bradford Networks. “A lot of times, the student doesn’t even know that this is happening, that [his or her computer] is being compromised.”

A popular Facebook phishing scheme that surfaced last year brings users to a Facebook login page that looks identical to the real page. If a user name and password are entered on the fraudulent site, a hacker can gain control of that person’s Facebook account.

Battling this scheme requires a quick glance at the website URL, Andrus said. If the website address doesn’t begin with Facebook.com, the social media user should immediately exit the page.

Hackers “want you to jump off of the Facebook server and jump onto another server, so it can take your [information],” Andrus said.

Facebook apps can be a source of malware on campus networks, but an application launched last fall claims to scan Facebook news feeds for infected links or posts.

BitDefender’s Safego reviews Facebook pages using cloud computing and provides a privacy rating that tells users how vulnerable they are to a social media phishing attack.

Facebook use is “already embedded” in higher education, Domen said, meaning IT officials will have to tread lightly in policing Facebook use among its network users.

“It seems like there’s only a handful of people on campus that aren’t on Facebook,” he said. “So this challenge is going to continue.”

For more on keeping campus networks secure, see:

How to Win the Network Security Battle

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Oops! We could not locate your form.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.