• United States



by Carrie-Ann Skinner

Two in Five Social Networkers have Been Sent Malware

Jan 19, 20113 mins
BroadbandData and Information SecurityEndpoint Protection

Two in five social networkers have been sent malware such as worms via sites such as Facebook and Twitter, says Sophos.

Two in five social networkers have been sent malware such as worms via sites such as Facebook and Twitter, says Sophos.

According to the firm’s Security Threat Report 2011, that’s a 90 percent increase on summer 2009. Furthemore, more than two thirds (67 percent) have been spammed via social networking sites and 43 percent have been the victim of a phishing attack through a social network.

“Rogue applications, clickjacking, survey scams – all unheard of just a couple of years ago – are now popping up on a daily basis on social networks such as Facebook,” said Graham Cluley, senior technology consultant at Sophos.

“Why aren’t Faceboook and other social networks doing more to prevent spam and scams in the first place? People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers.”

Social networks at work

The survey also revealed that more half of those surveyed can use social networks from their work machine without any restrictions. However, 59 percent admit employee behaviour could endanger their work network, and 57 percent are concerned that colleagues share too much information on social networks.

“Total bans on users accessing social networking sites are becoming rarer, as more firms recognise the value such sites can bring in raising brand awareness and delivering social media marketing campaigns,” added Cluley.

“If your business isn’t on Facebook, but your competitors are, you are going to be at a disadvantage. But you have to be aware of the risks and secure your users while they’re online.”

The big threats of 2010

In the report Sophos labelled an attack on Twitter as the biggest single social networking security incident of 2010.

The ‘onMouseOver’ worm hit the micro-blogging site in September 2010. The cross-site-scripting (XSS) attack resulted in pop-ups and third-party websites being opened despite users simply hovering over links with their mouse.

The security firm also named the WikiLeaks saga as the most high-profile IT security story of last year. A number of distributed denial-of-service (DDoS) attacks were launched against companies withdrawing support for the controversial whistleblowing site after it began to publish a large cache of sensitive cables from the US Department of State.

Fake antivirus software and poisoned search results were also named as big security threats of 2010.

Sophos also revealed that the UK has risen to number six in the list of countries that host the most infected web pages. The UK is responsible for 2.68 percent of all the world’s malware hosted on websites. However, the US remains top and is responsible for 39 percent. Meanwhile, France knocked China from second spot in the list by accounting for 10 percent of all the world’s malware.

“Many computer users still don’t realise that you can wind up with something nasty on your machine simply by visiting a website,” said Cluley.

“Over the year, we saw an average of 30,000 new malicious URLs every day – that’s one every two to three seconds. More than 70 percent of these are legitimate websites that have been hacked – this means that businesses and website owners could inadvertently be infecting their patrons unintentionally and without their knowledge.”