Hackers will increase attempts to infect social networking sites with malware during 2009 say security firms.
According to a report from MessageLabs Intelligence, which is owned by Symantec and specialises in the analysis of messaging security issues and threats, creating fake accounts on social networtking sites, such as Facebook, was one of the most popular tactics employed by cybercriminals in 2008. These fake accounts were then used to post malicious links, which usually led to a phishing site, to legitimate users.
Scammers then use the site to harvest usernames and passwords of the legitimate accounts and access them, posting blog comments on the pages of their friends, as well as sending messages from the phished accounts to other contacts. These messages usually contain spam, including links to spam sites such as online pharmacies.
"Web 2.0 offers endless opportunities to scammers for distributing their malware - from creating bogus social networking accounts to spoofed videos - and in 2008, the threats targeting social networking environments became very real," said Richard Bowman from MessageLabs.
Another report from security expert Symantec showed this trend does not look to be slowing down.
The report, which analysed web threats for the month of January 2009, said social networking sites continue to be popular destinations for cyber criminals seeking potential victims.
According to the Symantec report, January saw the emergence of email spam which closely mimicked legitimate notification emails of two major social networking sites. These spam messages, which invited users to join a group on the social networking site, contained a link to a virtual group created on the site by the spammers.
This virtual group was linked to a free blogging site before redirecting the user to the destination URL. Upon clicking this URL, users are faced with the request to fill out a form collecting personal information. Information collected could then be sold to marketing companies or used for other malicious purposes.