Hackers are increasingly using social networking sites to spread malware, according to Symantec’s 2011 Internet Security Threat report. There was also a growing number of attacks on smart phones last year, it stated.
In many social networking attacks, hackers place malicious links in a compromised account, then disperse the links throughout a victim’s friends or associates, the report stated. Many attacks use shortened URLs, which obscure the link's actual address. Such links then frequently lead victims to Web pages that download malware on a victim’s computer.
In a three month period in 2010, Symantec said 65 percent of the malicious links it found on networking sites used shortened URLs. About 75 percent of such links were clicked 11 or more times, according to the report.
Many hackers also use networking sites to glean information on possible victims, according to Symantec. They might find information such as a user’s e-mail address and information about the target’s friends or colleagues. Sometimes by spoofing an e-mail “from” address, attackers might then send victims an e-mail that appears legitimate but that contains malicious links or attachments.
Symantec advises networking site users to review their privacy settings. Settings can sometimes change; sometimes they are also automatically set to reveal more information than account owners might like, according to Symantec. They also advise organizations to train employees about the risks of posting sensitive information and to back this up with enforced policy.
Symantec also saw a rise in mobile device malware last year. There were 215 incidences, compared to 165 in 2009. But the security company acknowledges that compared to traditional computer threats, mobile threats are still relatively uncommon.