The University of California, Riverside created a free application to detect spam and malware on users’ Facebook walls, MyPageKeeper, coining a new term in the process: “socware,” a combination of social malware.
MyPageKeeper works by continuously scanning users’ walls and news feeds, identifying socware posts, and alerting the users, and the researchers are considering allowing the app to remove malicious posts automatically at some point in the future.
The app factors in the social context of posts, including keywords, likes, and comments, and the researchers behind the project found that the presence of words such as free, hurry, deal, and shocked was a strong indicator of spam, as was a low number of likes or comments. The app also checks URLs against domain lists that have been tagged as responsible for spam, phishing, or malware.
The four-month experiment by several UC Riverside engineering professors and graduate students that spawned MyPageKeeper found that the app successfully flagged 97 percent of socware, and it was only incorrect 0.005 percent of the time.
During the experiment, the researchers analyzed more than 40 million posts from 12,000 people who installed MyPageKeeper, finding that 49 percent of users were exposed to at least one socware post.
The researchers added that MyPageKeeper took an average of 0.0046 seconds to classify posts, as compared with the 1.9 seconds it takes when using the traditional approach of website crawling.
Other findings by the researchers included:
- While “a consistently large number” of socware notifications are sent every day, there were noticeable spikes on certain days, such as July 11, when a scam that attempted to bait users into completing surveys by promising them free products went viral.
- Only 54 percent of socware links were shortened by URL shorteners such as bit.ly and TinyURL, and many scams used domain names that were clearly fake, such as iphonefree5.com and nfljerseyfree.com.
- Certain words were more likely to be associated with certain types of socware, as “omg” was 332 times more likely to appear in Facebook socware, while “bank” was 56 times more likely to appear in email spam.
- 20 percent of socware links were hosted inside Facebook.
The experiment that led to MyPageKeeper was conducted by: Harsha V. Madhyastha, assistant professor of computer science and engineering, Bourns College of Engineering; Michalis Faloutsos, professor of computer science and engineering; and PhD students Md Sazzadur Rahman and Ting-Kai Huang.
This is really the perfect recipe for socware detection to be viable at scale: high accuracy, fast, and cheap.
This is really an arms race with hackers. In many ways, Facebook has replaced email and websites. Hackers are following that same path, and we need new applications like MyPageKeeper to stop them.
Malware on Facebook seems to be hosted and enabled by Facebook itself. It’s a classic parasitic kind of behavior. It is fascinating and sad at the same time.
Readers: Would you consider using an app like MyPageKeeper to combat spam and malware?