Researchers develop app to detect malware in Facebook posts

It isn’t unusual to spot at least one Facebook post in your feed that goes “OMG OMG see this video.. WOW!” A little common sense with a hint of awareness is enough to tell that the content is malware-ridden. Now, researchers from the University of California, Riverside and security experts from have developed an application that sniffs out spam and malware posts within one’s Facebook feed. The researchers found the app, MyPagekeeper to be quite accurate, fast and efficient. 


Science Daily now reports that the MyPageKeeper application managed to successfully detect 97 percent of malware during the experiment. 

New app can detect socware

New app can detect socware



The researchers coined a new term to refer to the phenomena of social-networking malware -socware (pronounced sock-ware). Socware is the combination of 'social malware' inclusive of all criminal and parasitic behaviour on online social networks. Researchers claim that in 97 percent of instances the app managed to detect socware. It was deemed incorrect in only 0.005 percent of the test instances.


The researchers found that the traditional approach of website crawling took 1.9 seconds to detect malware; the MyPageKeeper app took an average of 0.0046 seconds to flag a post. The report further quoted Harsha V Madhyastha, an assistant professor of computer science and engineering at UC Riverside's Bourns College of Engineering, "This is really the perfect recipe for socware detection to be viable at scale: high accuracy, fast, and cheap."


Madhyastha carried out the research with Michalis Faloutsos, who is a professor of computer science and engineering, and Md Sazzadur Rahman and Ting-Kai Huang, both PhD students. Rahman presented the paper sharing the findings at the recent USENIX Security Symposium 2012.


The experiment was carried out over a period of four months, from June to October 2011. During the course of the experiment, the researchers reportedly looked through over 40 million posts from 12,000 people who installed MyPageKeeper. At the end of it, the researchers found that 49 percent of users were found to be vulnerable to at least one socware post during the four months.


A near-veteran on the topic of web security, Faloutsos, who reportedly has studied web security for more than 15 years adds, “This is really an arms race with hackers. In many ways, Facebook has replaced e-mail and web sites. Hackers are following that same path and we need new applications like MyPageKeeper to stop them."


The researchers found that words such as free, hurry, heal, and shocked were indicators of the post having spam content. "They found that the use of six of the top 100 keywords is sufficient to detect socware," added the report. 


Researchers highlighted that it is unlikely that users would 'Like' or comment on socware posts, for the fact that it adds little value. Posts with fewer 'Likes', therefore, are indicators of socware. 


Furthermore, MyPageKeeper checks URLs against domain lists that have been identified as being responsible for spam, phishing or malware. Any URL that matches is classified as socware.


Here are some findings at the end of the four-month-long experiment: 


A 'consistently' large number of socware notifications are sent each day, with significant spikes on a few days. Citing an example, the report shared that 4,056 notifications were sent on July 11, 2011, which corresponded to a scam that went viral tricking users into completing surveys with the pretext of fake free products.


Only 54 percent of socware links have been shortened by URL shorteners such as and Researchers presumed that this number would be higher, since "URL shorteners allow the web site address to be hidden." They also found that many scams use somewhat obviously "fake" domain names, such as and, but users seem to fall for it, and click on the link.


Interestingly, it found that some words tend to be likely to be found in Facebook socware than in e-mail spam. For example, ""omg" is 332 times more likely to appear in Facebook socware. Meanwhile, "bank" is 56 times more likely to appear in e-mail spam. Twenty percent of socware links are hosted inside of Facebook," it found. 


Get the app here

Published Date: Oct 11, 2012 02:26 pm | Updated Date: Oct 11, 2012 02:26 pm