Malware most potent on social networks

Malware distributed via social networking sites is 10 times more effective than malware spread via email, according to Kaspersky Lab Global Research.

In a presentation at the Kuwait ICT Security Forum last week, Stefan Tanase, malware analyst at the EEMEA Research Center, Kaspersky Lab Global Research and Analysis Team, said social networks have a 10 percent success rate in terms of infection compared to less than one percent for malware spread via email.

This has enormous implications for the future of social networking, because the popularity of social networking sites has not been ignored by cybercriminals. Last year, sites such as Facebook and Twitter became hotbeds of malware and spam -- and yet another source of illegal gains on the internet, Tanase said.

“The Kaspersky Lab collection contained more than 43,000 malicious files relating to social networking sites in 2008 alone," Tanase said.

It doesn't help that social networking users trust other users and accept messages from people on their friends list almost without thinking, Tanase said. This makes it easy for cybercriminals to spread links to infected sites.

The problem looms larger when the phenomenal growth of social networking is taken into consideration. Kaspersky estimates that in 2009, social networking sites will be used by around 80 percent of all internet users, which translates into an equivalent of more than one billion people.

Social networkers can be highly vulnerable to malware attacks and must take precautionary measures to protect themselves, Tanase said.

A worm recently spread on Twitter, infecting an unknown number of Twitter profiles. The worm propagated from one user profile to another by exploiting cross-site scripting vulnerabilities in unfiltered inputs on the Twitter profile pages.

"What users can do to protect themselves from cross-site scripting worms is to only allow JavaScript code to be executed from trusted sources," said Tanase. "And keep their antivirus definitions updated."