A colleague's Twitter account was hacked, and his account sent me one of those "Here are embarrassing photos of you" links, with a bit.ly
The URL, interesting enough, pointed to an actual Facebook app with a Facebook login, instead of a fake page. So perhaps malware writers are not using Facebook as a platform.
Anyhow, after contacting the victim, I wrote to bit.ly
to tell them about the link and got the following reply:
"Thanks for reaching out. The link you sent links directly to Facebook, and as a policy we do not block Facebook links. I recommend reaching out to Facebook directly as well as not clicking on the spam link."
I guess I could be a good netizen and followup with Facebook, but this is a real hassle. And I don't have a Facebook account, so it might turn out to be a bigger hassle.
I do wish there was a central system where one could report malware things to an affected site, and related sites could be contacted.