by Ondrej Krehel

, the antivirus company, recently released a study finding that one in five Facebook users are exposed to malware through bogus news feeds.

The statistics were gleaned from the beta app . More than 14,000 FB users have installed the app, which isn’t much of a sample considering there are a half-billion users. As CNET put it, though, “…it’s also a sample of users who, by virtue of installing the app in the first place, indicate that they’re relatively security-minded. The ‘average’ Facebook user may well be even more likely to see malicious posts, in theory.” We couldn’t agree more.

More than 60 percent of malware attacks on the social networking site come from third-party apps that offer things such as free items in FarmVille and fake items such as dislike buttons or free backgrounds. Other attacks include links to shocking videos.

This is just one more example of Facebook becoming the preferred platform for hackers and scammers. So it’s no surprise that we’re seeing a boom in security-centric Facebook apps, such as Safego, designed to halt malicious use of Facebook accounts.

Get used to this back-and-forth. Facebook isn’t going anywhere, whether you like it or not, and as they continue to add features, hackers and app developers will continue their dance.

For example, Facebook Messages, which launched last month, provides users an email address with an inbox that also collects chats and SMS messages—all in one place. It may be convenient for you, but it’s also —and the hackers masquerading as app developers—who, if you grant it to them in your permissions, have access to your personal messages.

So now, if you’re using Facebook Messages and you unwittingly download a scary movie app that’s really a front for Russian hackers, you’ve handed them all your text and email messages, instead of just access to your Facebook page. Your Facebook assets just became more valuable—so they require better protection. Now the question is who will provide it and at what cost?

Ondrej Krehel, Chief Information Security Officer,

Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.

