Malware most potent on social networks

Share this article:

Malware distributed via social networking sites is 10 times more effective than malware spread via email, according to Kaspersky Lab Global Research.

In a presentation at the Kuwait ICT Security Forum last week, Stefan Tanase, malware analyst at the EEMEA Research Center, Kaspersky Lab Global Research and Analysis Team, said social networks have a 10 percent success rate in terms of infection compared to less than one percent for malware spread via email.

This has enormous implications for the future of social networking, because the popularity of social networking sites has not been ignored by cybercriminals. Last year, sites such as Facebook and Twitter became hotbeds of malware and spam -- and yet another source of illegal gains on the internet, Tanase said.

“The Kaspersky Lab collection contained more than 43,000 malicious files relating to social networking sites in 2008 alone," Tanase said.

It doesn't help that social networking users trust other users and accept messages from people on their friends list almost without thinking, Tanase said. This makes it easy for cybercriminals to spread links to infected sites.

The problem looms larger when the phenomenal growth of social networking is taken into consideration. Kaspersky estimates that in 2009, social networking sites will be used by around 80 percent of all internet users, which translates into an equivalent of more than one billion people.

Social networkers can be highly vulnerable to malware attacks and must take precautionary measures to protect themselves, Tanase said.

A worm recently spread on Twitter, infecting an unknown number of Twitter profiles. The worm propagated from one user profile to another by exploiting cross-site scripting vulnerabilities in unfiltered inputs on the Twitter profile pages.

"What users can do to protect themselves from cross-site scripting worms is to only allow JavaScript code to be executed from trusted sources," said Tanase. "And keep their antivirus definitions updated."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in News

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.