Facebook Using Websense To Fight Malicious Links

Jennifer LeClaire, newsfactor.com
October 3, 2011

Malicious activity on social networks has long been documented. Facebook user-accounts get hijacked. Malicious links lead to infected computers.

According to Sophos' Security Threat Report 2011, the number and diversity of attacks on social networks -- including malware, phishing and spam -- grew steadily throughout 2010.

When Sophos issued its report, Graham Cluley, senior technology consultant at the firm, asked the question: "Why aren't Facebook and other social networks doing more to prevent spam and scams in the first place?"

In response, Facebook is making more of an effort to stop the social-media malicious madness.

Another Layer of Security

Facebook and Websense teamed up in a technology integration partnership that aims to help protect Facebook users from links that lead to malware and malicious sites.

Websense technology is adding a layer of security to the social-networking giant's existing protections in hopes of preventing users from clicking on links without understanding where that click may lead.

The solution is live now. Here's how it works: When a Facebook user clicks on a link, it is checked against a Websense database. If Websense determines the link is malicious, the user sees an intermediate page that offers the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious.

Don't Rely on Facebook Alone

For all the buzz over the announcement, however, Sophos' Cluley doesn't believe the new solution represents a significant a change of direction by Facebook.

"Back in May, Facebook announced they had partnered with Web of Trust for the same thing. That's when those warning messages first began to appear. I imagine they'll add a number of security partners to their list. Websense is just another one for the list," Cluley said. "We would continue to recommend that users run anti-virus on their computers and not just rely on Facebook -- and its partners -- scanning the links for them."

The problem is serious. According to Sophos, 40 percent of social-networking users surveyed have been sent malware such as worms via social-networking sites, a 90 percent increase from April 2009. What's more, 67 percent say they have been spammed via social-networking sites, more than double the proportion less than two years ago, and 43 percent have been on the receiving end of phishing attacks, more than double the figure since April 2009.

"Many computer users still don't realize that you can wind up with something nasty on your machine simply by visiting a website," Cluley said. "Over the year, we saw an average of 30,000 new malicious URLs every day -- that's one every two to three seconds.

"More than 70 percent of these are legitimate websites that have been hacked. This means that businesses and website owners could inadvertently be infecting their patrons unintentionally and without knowledge."