Facebook protects the majority of its 800 million active users from spam using a massive defense network called the Facebook Immune System (FIS). But a researcher said users may lose their personal information to bots posing as friends.

The social networking site says FIS limits spam circulating on Facebook to less than 4 percent of total messages, affecting only 0.5 percent of users, or 4 million. It uses artificial intelligence software that detects suspicious patterns of behavior and automatically acts on them. The software distinguishes spam from legitimate messages by recognizing certain keywords in messages.

But while FIS contains spammers, users can be vulnerable to so-called socialbots, a strategy developed by Yazan Boshmaf and colleagues at the University of British Columbia in Vancouver, Canada, to exploit the defense network.

Boshmaf and his team describe socialbots as software that can pose as a human and control a Facebook account. A socialbot builds its friends list by sending new friend requests randomly and to the friends of people who unknowingly befriended socialbots.

In a trial, Boshmaf's 102 socialbots built a list of 3,000 friends in seven weeks and extracted some 46,500 email addresses and 14,500 physical addresses from users' profiles. Such information could be used for phishing attacks and identity theft.

"An attacker could do many things with this data," says Boshmaf, according to New Scientist.

He said that it is just a matter of time before socialbot attacks happen. But the FIS team of 30 security experts can develop a counter-strategy to such attacks.

Boshmaf will present the socialbot at the Annual Computer Security Applications Conference in Orlando, Florida, next month.