According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest social networking site. The statistics, which were included in Sophos' "Security Threat Report: 2010", revealed that while 33 percent block Facebook for productivity reasons, businesses are also concerned with the prospect of spam, malware and data leakage on social networks.
“Furthermore, over 72 percent of firms believe that employees’ behavior on social networking sites could endanger their business’s security,” according to the report. When it comes to Facebook in particular, 45 percent of respondents said they do not control access to the site.
Users of social networks can also face a more indirect risk – attackers using the sites to conduct surveillance on potential victims and ultimately compromise them. “Undoubtedly a large part of the incentive of social networking attacks is to compromise the victim's machine and infect it with malware that turns it into part of a bot,” As such, compromised accounts can have real value on the black market. According to Dmitry Bestuzhev, senior regional researcher for Latin Americaat Kaspersky Lab, said recently a Twitter account was seen being offered for $1,000 on a hacker forum. In the hands of cyber-criminals, the accounts can be used to spam out malicious links that lead to malware infections, he said.