This infographic in the source link provides clues to why Facebook is such a prime target.
It all has to do with numbers; who has the most to have malware target. Why turn to a small community when you have millions of folk to target for the same effort.
Microsoft battled all comers during the days of DOS to become the over-all winner. The results of that winning the battle of the Operating Systems has resulted in what is called the computer monoculture.
According to Wikipedia, during Aug of 2011, personal computer users were using these OSes.
Microsoft accounted for 87.1% worldwide
Apple accounted for 6.7%
Linux accounted for 1%
So Windows is still clearly the target with the biggest bang for the buck in selecting a direction for malware. When you have as many eyes focused on one target, someone is bound to find an entrance door. When it is first found, before anyone is aware of it, it is called a Zero Day. A Zero Day exploit has no defenses written in by software designers nor programmers because no one at that point knows about the insecurity. It is wide open to abuse with no defenses existing to prevent usage.
By the infographic, Facebook sees 4 million users a day exposed to spam, 20 million have been exposed to malware, and 600,000 attempts to hijack logins per day.
Now that is a lot of activity. Facebook has ratcheted up it’s security but as can be seen from the above numbers, it hasn’t closed the barn door. To be sure, Facebook can be counted on to have professional programmers on hand with security in mind, both to end the problems that it can, and to close the exploits on its site. What it can not do, is secure the end user and their computer.
As with all security systems, the weakest link always seems to come back to the computer users. Between phishing scams, keyloggers, trojans, and a wide variety of social engineered dataloggers, it’s hard to keep a computer clean when the user doesn’t have security as the number one. Some don’t care, some can’t afford the tools to be secure or aren’t aware of where to find the free stuff offered on line, and some can’t control curiosity. It all amounts to ready targets available.
Because of the above the only real answer to malware will come as a securing of the Operating System. Linux does that through root access control with password. Apple, being based on Linux, does the same. Only with Vista has Microsoft attempted to enter the area of restricting root access. Microsoft did a poor deployment in the process and that turned Vista into an OS no one wanted. Win7 and now Win8 attempts to address that failure of implementation.
What users can do in the meantime to help keep away from malware has been what’s its always been.
Create a strong password, don’t accept unknowns, monitor what comes into your area, use HTTPS when ever possible, don’t click on suspicious links, and use security software.