A recent report suggests that most users that use social networking sites have reported being spammed, with more than a third of those messages containing malicious links, or malware attached to the bogus messages. The security firm which ran the survey says the issue could be a serious threat to corporate networks.

According to security experts Sophos, 57% of those questioned say they received unsolicited messages on their social networks last year, compared with 33% in 2008. The proportion who received either infected files or links to harmful material rose from 21% to 36%.

Businesses Aware of Risk, but Fail to Act

Businesses seem to be acting inconsistently when it comes to monitoring employee usage of social networking sites. While 72% of 500 firms interviewed said they were worried staff accessing such sites at work could pose a security risk, and 60% said Facebook was the biggest source of potential dangers, 49% said they allowed staff unrestricted access to the site.

Sophos noted that Facebook could be doing more to maintain security in such circumstances, criticizing its recent decision to make much more user information publicly available by default. But the firm conceded the site's problems were as much to do with its size as its inherent (in)security, pointing out that "you'll find more bad apples in the biggest orchard." (Source: sophos.com)

LinkedIn Poses New Risk

Only 4% of people questioned believed LinkedIn, a primarily business-oriented networking site, posed the biggest risk. Sophos believes that may be underestimating the problem, and it says the site may not be of interest to hackers trying to play the numbers game, but could be ideal for those targeting specific companies.

Hackers may use LinkedIn to specifically target employees whose profile shows they have a lofty position within a firm, in the belief that their private information would be most lucrative.

Study May be Skewed

While Sophos' research has prompted reports that social networking spam and malware are currently rising by an alarming 70%, that figure may be misleading. Those increases involve the proportion of users reporting an attack and not necessarily those attacks which had any real success or impact. (Source: pcworld.com)