Survey findings released on Monday by Sophos, a security firm, revealed that in 2009 the 500 companies that took part had reported 70% more spam and malicious infections from social networks versus 2008.
72% of the companies are concerned that employee usage of social networking sites could end up in a security breach. Of the major sites (Twitter, Bebo, MySpace and others), Facebook is considered the most risky.
The new privacy settings that Facebook unveiled recently allow the company to incorporate users' content into Google, Bing and Yahoo search so that the content can appear in real-time search results. This means that more information could be made available to cyber-criminals looking to attack a company.
While Facebook defends its new settings, privacy advocates still do not agree. The Office of the Privacy Commissioner of Canada launched a complaint about the new settings just last week.
Sophos's newest survey includes in-depth analysis of how social networks make it easy for people to steal data. This quote is about the Koobface worm:
“Most notably, the notorious Koobface worm family became more diverse and sophisticated in 2009. The sophistication of Koobface is such that it is capable of registering a Facebook account, activating the account by confirming an email sent to a Gmail address, befriending random strangers on the site, joining random Facebook groups, and posting messages on the walls of Facebook friends (often claiming to link to sexy videos laced with malware). Furthermore, it includes code to avoid drawing attention to itself by restricting how many new Facebook friends it makes each day.
Koobface’s attack vectors broadened, targeting a wide range of sites other than the one that gave it its name (i.e., Facebook). Social networking sites, including MySpace and Bebo, were added to the worm’s arsenal in 2008; Tagged and Friendster joined the roster in early 2009; and most recently the code was extended to include Twitter in a growing battery of attacks. It is likely we will see more malware following in the footsteps of Koobface, creating Web 2.0 botnets with the intention of stealing data, displaying fake anti-virus alerts and generating income for hacking gangs.”
Source: USA Today