Social Malice: One In 100 Tweets And One In 60 Facebook Posts Are Malicious

Here's what social networking looks like on the dark side: one in 100 tweets today are malicious, and one in 60 Facebook posts are as well.

Facebook users are the least confident in social network security, with 40 percent confessing they feel unsafe on Facebook, while 28 percent feel that way about Twitter, and 14 percent on LinkedIn. But that doesn't mean LinkedIn won't eventually become a big target for cybercrime: "When you look at the actual damage that could be done to a business" by hackers targeting LinkedIn accounts, it's high for business disruption and employee misinformation, for example, says Daniel Peck, senior research scientist with Barracuda Labs, who today at HackerHalted in Miami shared Barracuda's latest data on malicious activity on Twitter, Facebook, and on search engines.

According to new Barracuda survey data of social media users, LinkedIn is the least-blocked social network by enterprises, with only 20 percent of organizations preventing their employees from using LinkedIn from work. That in contrast to Twitter (25 percent); Google+ (24 percent); and Facebook (31 percent).

Peck predicts that LinkedIn definitely will be a target for badness. "I think there will be a lot of social attacks there," he says.

Interestingly, most users say the important factors to consider when joining a social network are security (92 percent), that their friends use it (91 percent), privacy (90 percent), and ease of use (87 percent). More than 90 percent have received spam over a social network, and more than half have experienced phishing attacks. More than 20 percent have received malware, 16.6 have had their account used for spamming, and about 13 percent have had their account hijacked or their password stolen. More than half are unhappy with Facebook's privacy controls.

Meanwhile, Barracuda counted 43 percent of Twitter accounts as "true users" with real followers and regular tweets, and 57 percent as "not true users" -- either spam bots or inactive accounts.

Attackers abuse Twitter in much the same way that they engage in search-engine poisoning, according to Peck, casting a wide net and hoping to get more eyeballs. "Facebook manipulates trust more – your Friends are people you make eye contact with," he says.

"Facebook is less likely to get hit by a driveby download or to exploit your browser. Twitter is more likely" to get hit that way, he says. "A Facebook [attack] is more likely going after your data, or pushing an affiliate scam sort of thing."

The good news about Facebook abuse, Peck says, is that it's become high-profile enough that word gets out faster when a scam hits. A prime example was this week, when a "Starbucks' anniversary" scam began to spread. "So Starbucks Corporate put out on Twitter that it was a Facebook scam and was not real," Peck says. "This is getting big enough that the big companies are starting to notice the scams."

Barracuda also measures search malware on Google, Bing, Twitter, and Yahoo over a 153-day period and found 34,627 malware samples, with one in 1,000 search results leading to malware. And one in five search topics lead to malware, with "music + video" containing the most malicious links. The number two search term leading to malware: 's "JenniJ-Woww," with 17 percent of the malicious search results.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.