If you think spam attacks were bad in 2009, just wait until 2010 gets going.
In its 2009 Annual Security Report [PDF], the networking gurus at Cisco predict that worldwide spam volumes will increase by 30 or 40 percent over 2009 levels. So get ready for a fresh glop of discounted penile-enhancement pills, strange women "winking" at you through nonexistent dating sites, and faux Nigerian princes promising $100 million waiting for you overseas. The hardest hit by this gush of obnoxiousness will be social networking sites, especially the king of them all: Facebook.
Social networking isn't just for kids anymore. Since businesses and organizations began digging into the gambit of cyber friends and fans, spammers have taken the opportunity to ramp up efforts to grab the attention of the unsuspecting. Facebook claims that site visitations increased 105 percent from December 2008 to December 2009. (Click on the chart for a close-up view.)With these kinds of numbers, it's no wonder spamming has followed suit.
One of the most notorious spam attacks on Facebook was Koobface, a malware bot that commandeered Facebook profiles and turned them into infectious zombies. Koobface tricked victims by posing as Facebook friends, thereby increasing chances that people would follow malicious links. Koobface is not alone -- according to Project Honey Pot (via Times Online), a system for identifying spammers and the spambots used, "Since 2004 the number of bots has nearly quadrupled ever year. In 2009, there were nearly 400,000 active bots engaged in malicious activity on any given day with several million active over the course of any month."
Apart from simply destroying computers, Facebook spam has also been used to empty wallets. "Facebook has also been used to launch '419' scams. The scam normally starts when a Facebook user is fooled into handing over Facebook login credentials, or has their login credentials stolen by keylogger malware on their machine. With these stolen credentials, the criminal logs in to the user's Facebook account and sends messages to the user's Facebook friends, asking them to wire money -- supposedly because the user is stranded in a foreign country," the Honeypot report says.
There are, of course, ways to protect yourself against spam attacks. The most effective method is common sense. By now, most people should recognize the difference between legit e-mail messages and a hacker's silly attempt to burrow under the covers. And antispam support has become a lucrative industry itself -- coincidentally, Cisco itself touts a spam and virus blocker on Facebook. Web security leader Websense recently launched Defensio 2.0, "which analyzes and classifies user-generated content on Facebook to prevent the posting of malicious and inappropriate content, and enhances the real-time threat intelligence of the Websense Web Security Gateway." Such measures are a clear indicator that Facebook has adopted a poor disposition that requires protection.