Social networking sites create security risks

Published 5 October 2006

Viruses and spyware as much a threat as identity theft; 46 percent of using adults access sites from work, and many more download unknown files; log-in credentials at risk, experts say

Mark Foley, the former congressman disgraced last week when his lewd e-mail and instant messaging habits were exposed, was lucky in one respect. He apparently did not have a MySpace or a FaceBook page. As readers with teenage children know, social networking has replaced the mall as the place for youngsters to meet new friends, share common interests, and, worryingly, exchange phone numbers and other personal information. Tales of “FaceBook stalkers” abound.

Underreported is the fact that social networking sites present cybersecurity risks as well. Fraud, identity theft, spyware, and viruses top the list of security experts, who note that users are far too willing to upload information from other users. Among adult users, the problem may even be worse: 83 percent of adults using social networking sites download unknown files from other people’s profiles, and 31 percent of adults have responded to phishy unsolicited e-mails or instant messages. MySpace has been a particlary favored hacker target. The so-called Samy worm, so-called after the name of the user involved, recently infected millions of computers by exploiting an old Windows MetaFile flaw.

Employers take note: this is a problem for you, too. Of these reckless adults, 46 percent of them are social networking at the office, thereby exposing office systems to viruses while wasting company time. “MySpace could [also] be used to get a dropper Trojan on a machine and set up a stakeout post,” said Dave Cole, director of Symantec Security Response. “When the user goes to his or her corporate site, it would go ahead and steal his login credentials.” So far, experts say the onus should be in the social networking sites to improve security, but companies should consider reviewing their IT security with employees. If that fails, they might have to consider banning use of the sites at work. Better safe than sorry, after all.

-read more in this Dark Reading report; read more about social networking at this Stay Safe Online Web site