Malware most potent on social networks

Share this article:

Malware distributed via social networking sites is 10 times more effective than malware spread via email, according to Kaspersky Lab Global Research.

In a presentation at the Kuwait ICT Security Forum last week, Stefan Tanase, malware analyst at the EEMEA Research Center, Kaspersky Lab Global Research and Analysis Team, said social networks have a 10 percent success rate in terms of infection compared to less than one percent for malware spread via email.

This has enormous implications for the future of social networking, because the popularity of social networking sites has not been ignored by cybercriminals. Last year, sites such as Facebook and Twitter became hotbeds of malware and spam -- and yet another source of illegal gains on the internet, Tanase said.

“The Kaspersky Lab collection contained more than 43,000 malicious files relating to social networking sites in 2008 alone," Tanase said.

It doesn't help that social networking users trust other users and accept messages from people on their friends list almost without thinking, Tanase said. This makes it easy for cybercriminals to spread links to infected sites.

The problem looms larger when the phenomenal growth of social networking is taken into consideration. Kaspersky estimates that in 2009, social networking sites will be used by around 80 percent of all internet users, which translates into an equivalent of more than one billion people.

Social networkers can be highly vulnerable to malware attacks and must take precautionary measures to protect themselves, Tanase said.

A worm recently spread on Twitter, infecting an unknown number of Twitter profiles. The worm propagated from one user profile to another by exploiting cross-site scripting vulnerabilities in unfiltered inputs on the Twitter profile pages.

"What users can do to protect themselves from cross-site scripting worms is to only allow JavaScript code to be executed from trusted sources," said Tanase. "And keep their antivirus definitions updated."

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.