Social networking threats on the up

Over half of social networking users have received spam via a site while over a third have been sent malware.

There has been a rise of 70.6 per cent in social networking spam over the last year, with a rise of 69.8 per cent in malware being sent.

Graham Cluley, senior technology consultant for Sophos, whose 'social security' investigation revealed the figures, said: "Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made.

"The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organised cyber crime, or risk falling prey to identity theft schemes, scams and malware attacks."

Facebook was also revealed to be the social network respondents believed posed the biggest security risk, with 60 per cent naming it. MySpace gained 18 per cent of the vote, Twitter 17 per cent and LinkedIn four per cent.

Despite this low figure, Cluley believed that LinkedIn can still provide a sizeable pool of information for hackers. He said: "Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organisation's structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into.

"Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff's names and positions, making it child's play to reverse-engineer the email addresses of potential victims."

David Harley, director of malware intelligence at ESET, said: "In 2010, it's more than likely that we'll see increased targeting of social networks, such as Facebook, LinkedIn, Twitter, and Orkut and Hi5 in South America. Attackers will be looking for data they can exploit from a social engineering standpoint, but they will also be looking for cross-site scripting and replicable malware attacks on the websites as well as their application programming interfaces.

"Data mining (both legitimate and criminal) will have a wider range of effects on individuals, and some of those effects will be far from beneficial. A notable example is Facebook's lack of commitment to a realistic security model, which would be a very significant supplement to its rather generic security centre advice. It seems to me that Facebook is encouraging its users to share as much information as possible while essentially making them responsible for the security of their own data."

Luis Corrons, technical director of PandaLabs, said: "Users are able to learn, so usually when we know that a message is spam, we do not even open it. That is why the spammers have to think up new techniques, not only to circumvent the spam filters, but the own user's capabilities to recognise spam.

"Nowadays, the use of the social networks and web 2.0 sites is really popular, so the spammers are trying to adjust their techniques; some of them, even if they're not that smart, at least are something new worth mentioning, so we can learn and avoid to fall in some of them."