
Social networkers exposed to cybercrime

By Kirsten Doyle, ITWeb contributor.
Dubrovnik, Croatia, 26 Jun 2009

Social networking threats continue to grow at an alarming rate. To date, tens of thousands of malware samples have been spread through social networks.

This is according to Stefan Tanase, regional researcher with the Global Research and Analytics Team, at Kaspersky Lab EEMEA. “This year alone, social networking sites will be used by about 80% of Internet users, the equivalent of over one billion people,” he says.

“Web 2.0 applications have become increasingly popular among Internet users in the past few years, a trend that is unlikely to end soon. More and more traditional Web sites are shifting towards Web 2.0 concepts, and new users are adopting the Web 2.0 lifestyle every day.”

Social networking's growing popularity has not gone unnoticed by cyber crooks. “Last year, sites were targeted by plenty of malware and spam, two sources of illegal earnings on the Internet. Kaspersky Lab contained over 43 000 malicious files, targeting social networking sites last year alone.”

Tanase says these applications are not only being used at home, but in a corporate environment as well, which is raising the stakes for malware authors and security professionals alike. He says the user is somewhere in the middle, unknowingly helping the attackers, while also falling victim to attacks.

He says malware distributed over social networking sites is ten times more effective than if spread via e-mail.

Seemingly innocent

Stolen information, such as the names and passwords of social networking users, can be used to send links to infected sites, spam or fraudulent messages, such as a seemingly innocent request for an urgent money transfer.

This works, says Tanase, because users of social networking sites generally trust the people on their friends list, often accepting messages from them without thinking. “In addition, criminals use various means to encourage the recipient to open a link contained in the message and download a malicious programme.

“Major Web 2.0 platforms such as Facebook or Twitter are very vulnerable to malware attacks and end users need to be aware of the risks and know what measures to take in order to protect themselves.”

However, he says it's hard for the sites themselves to do better in terms of security, as their business is usability, something that security generally detracts from.

He cites a worm that recently spread on the popular micro-blogging Web site Twitter as an example. The worm, which was able to execute JavaScript code, propagated itself from one profile to another by exploiting cross-site scripting (XSS) vulnerabilities in unfiltered inputs on the Twitter profile page.
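What "unfiltered inputs on the profile page" means in code, as an added example that is not from the article, Kaspersky Lab or Twitter: a profile renderer that concatenates user fields into HTML, beside one that encodes each field and allowlists the link scheme. The field names, function names and sample profile are assumptions constructed for illustration.

```javascript
// Added example: hypothetical profile renderer, constructed sample data.

// Encode the characters that can break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) links; javascript:, data: and unparsable values are dropped.
function safeProfileUrl(value) {
  try {
    const url = new URL(String(value).trim());
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : null;
  } catch (err) {
    return null;
  }
}

// "Before": user-controlled fields are concatenated into the page unfiltered,
// so markup stored in a profile runs in every visitor's browser.
function renderProfileUnsafe(profile) {
  return `<div class="profile"><h1>${profile.name}</h1>` +
         `<a href="${profile.url}">${profile.url}</a><p>${profile.bio}</p></div>`;
}

// "After": each field is encoded for its output context and the link scheme is checked.
function renderProfileSafe(profile) {
  const url = safeProfileUrl(profile.url);
  const link = url
    ? `<a href="${escapeHtml(url)}" rel="nofollow noopener">${escapeHtml(url)}</a>`
    : "";
  return `<div class="profile"><h1>${escapeHtml(profile.name)}</h1>` +
         `${link}<p>${escapeHtml(profile.bio)}</p></div>`;
}

// Constructed sample: profile fields carrying markup instead of plain text.
const hostileProfile = {
  name: 'Alice<script src="https://worm.example/x.js"></script>',
  url: "javascript:void(0)",
  bio: '"><script>/* constructed marker */</script>',
};

console.log(renderProfileUnsafe(hostileProfile)); // script tags reach the page intact
console.log(renderProfileSafe(hostileProfile));   // same data rendered as inert text
```

Output encoding at render time is the primary control here; a Content-Security-Policy that disallows inline and third-party scripts limits the damage if one field is missed.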

"As Web 2.0 platforms gain popularity, we need to see both sides, the good and the bad," he says.
