Facebook is taking action against the escalating number of social media exploits of personal and corporate accounts by offering a browser-based malware scanner as a free service.
The service, provided by F-Secure and Trend Micro, will be available to Facebook users whose accounts have been temporarily frozen due to suspicious activity caused by a potential malware infection.
Malware often targets Facebook users and their friends by masquerading as legitimate postings, and embedding malicious links.
“Facebook’s dramatic global growth has significantly changed how people interact with their friends and family,” said Arto Saari, product manager at F-Secure, in a statement. “In turn, Facebook’s popularity has made it a major target for online criminals. We are pleased to partner with Facebook to stop cybercriminals from taking advantage of Facebook’s user base for malicious ends.”
When a user is logging in from an infected device and Facebook identifies an account behaving suspiciously, he or she will see a notification screen about the malware infection along with a recommendation to use either F-Secure’s scanner or Trend Micro's HouseCall product. The user can choose to skip the malware removal process or download the recommended software. Users who skip the malware removal step may be prompted again later.
Users who download and run the scanner can continue to use Facebook and other services during the scan. The malware scanning and cleanup technology is fully integrated into the Facebook user experience and is executed directly in the browser window, from within Facebook.
When the cleanup is complete, the user will receive a notification through Facebook and will be able to review the results of the scan and securely re-log into their Facebook account. The scanner is suited to the type of threat detected, so it’s recommended to run it even if the device already has an anti-virus program installed. It will also remove itself once done running.
Last week, a bait-and-switch campaign was discovered that draws victims in with a promise of hard-to-get tickets to One Direction or the Rolling Stones.
Facebook has taken steps of late to beef up security, by implementing two-factor authentication and earlier this year launching a bespoke threat information network. Dubbed ThreatData, it’s a framework for collating information on internet threats that could impact the social network, for analysis by real-time defensive systems and longer-term examination. After Heartbleed in April, Facebook joined Google, Microsoft and other tech giants to better fund OpenSSL and other open-source initiatives to give these projects a much-needed resource injection to keep up with the complexity involved in today's coding.
“Helping people stay safe on Facebook is a hugely important part of what we do and we’re glad to be adding the strength of F-Secure’s anti-virus technology to our existing systems to block and eradicate malware,” said Chetan Gowda, software engineer at Facebook, in a blog post.