According to a recent report from security vendor Websense, 95 percent of comments that purport to come from readers of blogs, chat rooms, and message boards are actually auto-generated messages containing spam or malware, showing just how infected social networking has become.
Social networking sites are a prime target for spreading spam and malware because they let just about anyone post comments, giving hackers a back door through which they can easily post links to malicious Web sites. Considering how much malware has been found lurking on the pages of social networking sites, some readers must be following these links and offering hackers wonderful click-through rates.
Another reason these social networking sites are becoming big targets for cybercriminals is that they reach so many people. Websense says the 100 most visited Web sites make up the majority of all Web page views, so by targeting these top sites hackers can get maximum exposure for their links.
Koobface, for example, is a worm that targets Facebook and other social networking sites to spread itself and collect personal data from PCs that inadvertently download the malware. The Koobface Gang, as its creators have come to be known, has started using search engine optimization techniques to embed the malware in Web pages that are likely to get the most page views.
According to Websense, sites that allow user-generated content make up the majority of the sites listed among the top 50 most active distributors of malware. No surprise there.
However, when you consider how many employees access social networking sites from corporate desktops, the problem takes on greater dimensions. Websense says that 95 percent of organizations allow access to Web 2.0/social networking sites, yet 91 percent of them said they don't have the proper security measures in place to protect against Web 2.0-specific threats.