Identifying socioware (social malware) in Facebook

Md Sazzadur Rahman UC Riverside
Ting-Kai Huang UC Riverside
Harsha V. Madhyastha UC Riverside
Michalis Faloutsos UC Riverside

With more than 845 million monthly active users, Facebook is currently the most popular online social networking site. Such tremendous popularity also makes Facebook an easy target for spammers to spread socioware - a term which we use to refer to fake, annoying or dangerous posts. The power of socioware lies in the fact that it takes the form of postings and communications between friends. Thus, unlike email spam which is usually received from unknown accounts, socioware posts come with the implicit endorsement of a friend who allegedly posted the information. Socioware is a new kind of cyber threat that requires novel security approaches.

In this paper, we make the following five contributions:

  • We propose a scalable and efficient technique to identify socioware in Facebook
  • We show that socioware is prevalent: 49% of Facebook users were exposed to at least one socioware post during our four-month study
  • We demonstrate that a traditional blacklist-based defence mechanism is not sufficient to identify socioware, since blacklists failed to detect 96% of socioware posts in our study
  • We highlight a new type of exploitation, which we term 'Like-as-a-Service', that attempts to artificially raise the 'Likes' of a given Facebook profile
  • We show that a significant portion of socioware is hosted on the Facebook infrastructure.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.