Receiving spam messages or malicious links from your friends is not uncommon for anyone who uses social media services. Now Facebook has announced fresh moves to combat it, by notifying affected users and offering them free anti-malware software and scans.
F-Secure and Trend Micro are Facebook's launch partners and their scanning and clean-up technology will tackle malware from worms and Trojans to spyware and adware, as well as offering antivirus.
"Facebook's dramatic global growth has significantly changed how people interact with their friends and family," said Arto Saari, product manager at F-Secure. "In turn, Facebook’s popularity has made it a major target for online criminals."
As well as the usual headaches around hampering device performance and stealing personal information, some malware variants are now looking to gain access to a system such as Facebook to post malicious links or spam from an otherwise legitimate account. A compromised account is highly dangerous as all the links its posts will seem to come from friends or a user's favourite brands.
How the integrated malware process works is straightforward. When Facebook identifies an account behaving suspiciously, the user or brand account will see a popup notifying them of a potential malware infection. It will recommend downloading anti-malware software from F-Secure or Trend Micro and Facebook will notify them when the scan is complete. The downloaded software then removes itself once the job is done. It's possible to skip the scan, but notifications will keep coming.
According to Saari, not everyone has active client-security installed on their device and the new service provides this as an added layer of security. "It does not replace active preventive client security [and] Facebook malware removal does not conflict with any third-party client security software on a device. In addition, it removes all identified malware on the device, not only the one spotted doing the suspicious activity."
Facebook says it will offer additional software options in the future and F-Secure expects integrated security measures to become a standard part of large web services. "Combining server-side visibility of suspicious behaviour with client-side capability to notify the user and provide remediation is a powerful combination," Saari said.