New Spam Scam App Successfully Blocks Malware
October 9, 2012

New Spam Scam App Able To Block Social Media Malware

Enid Burns for — Your Universe Online

These days, it's fairly common to see a post on Facebook promising free Ray Ban sunglasses or offers for other free products in exchange for taking a survey. While you might be able to identify these messages as scams most of the time, a new app called MyPageKeeper — created by students and researchers at the University of California, Riverside's Bourns College of Engineering — can quickly eliminate those scammy posts for you.

MyPageKeeper is similar to an antivirus program. Once set up, it continuously scans walls and news feeds of subscribed users and is able to identify spam posts or spam-like posts. In creating the MyPageKeeper app and studying its operations, researchers have created the term "socware" (pronounced "sock-where") to describe social malware. The term encompasses all criminal and parasitic behavior on online social networks.

In the four months that it took to conduct the experiment between June and October of 2011, researchers analyzed more than 40 million posts from 12,000 people who installed MyPageKeeper. In that period, 49 percent of users were exposed to at least one socware post.

"This is really an arms race with hackers," said Michalis Faloutsos, a professor of computer science and engineering who participated in the research. "In many ways, Facebook has replaced email and web sites. Hackers are following that same path and we need new applications like MyPageKeeper to stop them."

The application, which the researchers currently offer for free, successfully flagged 97 percent of socware during the experiment. Researchers later identified only 0.005 percent of flagged posts were false positives, or posts from desired sources. MyPageKeeper currently alerts users to posts classified as socware so that users can avoid falling prey to spam or malicious false advertisements. In the future, the app might even be able simply delete flagged posts before they spread.

Several factors are involved in identifying a post as socware. One of the main factors is the use of 100 keywords such as "free," "hurry," deal," and "shocked." According to researchers, these keywords "provide a strong indication of the post being spam".

An additional factor the app looks for is the so-called "social context" of posts. Socware posts tend not to get "likes" and comments due to their irrelevance.

Researchers studied the results from the MyPageKeeper app and presented findings in a paper presented at the USENIX Security Symposium 2012. In tabulating data, the group was able to pull some key findings.

One finding showed only 54 percent of socware links use shortened URLs such as and While it might make sense for socware to use shortened URLs — which inadvertently serve to mask the URL — several identified posts use an actual URL, many with fake domain names such as and Researchers say users often fall for these posts and click on the links.

Socware is different from spam in the type of words it typically uses. Words such as "omg" are 332 times more likely to appear in Facebook socware. By contrast, "bank" is 56 times more likely to appear in email spam. This indicates that as spammers adapt to new platforms, they also learn to adapt their tactics and language. The study also found 20 percent of socware links are hosted inside of Facebook.