Social-networking websites are fast becoming a key target for online fraud, according to Symantec's latest Internet Security Threat Report.
The report reveals that, for the second half of 2007, there were 87,963 "phishing hosts", an increase of 167 percent from the first half of 2007. The report states that "66 percent of phishing attacks in the US were directed towards social-networking sites".
Symantec Australia managing director Craig Scroggie said social-networking sites are a treasure trove of personal data, listing information such as birthdays, location and employment history.
"[Users of these] websites are putting up a large amount of confidential information that is being used for fraudulent activity and financial gain," Scroggie said. The Symantec report notes that social-networking sites are attractive to cybercriminals because such pages "are generally trusted by users".
Personal information is collected and sold on the internet black market, for as little as $1 (51 pence). "We're starting to see the area mature significantly," Scroggie said.
The report also notes that vulnerabilities in websites are increasingly popular malware vectors as they allow for more sophisticated and multi-stage attacks.
Scroggie added that some people used the proceeds of these sales to fund further attacks. "People are employing programmers dedicated to the production of those threats," Scroggie said.
While the report found that most attacks continue to occur and originate in the US, China is becoming increasingly important as a source of malicious code.
"Russia was implicated in the widespread distribution of malicious code over the last couple of years. That dropped off in 2007," Scroggie said, "but [security threats] have recently re-emerged in China."
Scroggie said the spread of malicious code was expected to increase, with the growing use of portable data-storage devices. "There is an increased security threat from portable media devices, whether it be a USB flash drive or an MP3 player," he said.