Yesterday, SC Magazine reported that malware distributed on social networks was 10 times more effective than the same malware distributed through e-mail. They report that it is a big threat to the future of social networks and hypothesize that its effectiveness is due to the trust relationships that exist on these sites.

While the trust between friends on sites like Facebook and MySpace certainly contributes to the problem, there are probably three other factors that should be mentioned:

1. Social networking sites are driven by links. Where e-mail is about easy and quick communication, social networking sites are driven by shared links to interesting news propagating on the web. In the case of Twitter, probably more than 90% of tweets contain links to articles on the web.
2. Browser exploits are THE method of propagation for malware. Worried about the latest self propagating worm exploiting a zero day vulnerability? The threat from a worm pales in comparison to the volume of attacks coming through your browser. TippingPoint’s Pwn2Own contest highlights browser vulnerabilities and the results from this year’s contest were scary. On the first day Safari, Firefox and Internet Explorer all hit the dust with new zero day exploits. This contest actually saw the first official exploit for IE8. Today, scammers take advantage of the weakness of the browser by linking users to infected sites through phishing and link postings. URL shortening complicates this because the user has no idea of what site they are really linking to.
3. Social posts are far less filtered than e-mail. The e-mail spam and virus filtering market has matured and most users have some rudimentary form of filtering for one or both of these items in e-mail. With social networks there is no such filter other than choosing who you befriend and follow. If you are following the latest #trend on Twitter, you will get the good, bad and ugly of links including links to phishing sites.

Link quality poses a serious threat to social networking sites. With numbers demonstrating that the effectiveness of malware attacks in social networks is 10 times as effective as e-mail you can be sure that scammers are taking notice. The inherent nature of social networks makes this a difficult problem to combat. The best advice for all users today? Think before you click and keep your anti-virus software up to date.  Social networks need to identify scammers, ban their accounts and prevent them from creating new ones in order to ensure the future of their sites. This, coupled with greater user awareness, should help reduce the problem.

Tags: identity theft, Online Fraud, Phishing, scammer

This entry was posted on Wednesday, May 13th, 2009 at 7:53 am and is filed under Financial Services, Online Communities, Online Gambling, Online Gaming, Online Retail. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.