Cyber-criminals targeting social networks, experts warn

Facebook, MySpace and other social networking sites are inceasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn.

Data posted on the sites - name, date of birth, address, job details, e-mail and phone numbers - is a windfall for hackers, participants at Campus Party, one of the world's biggest gatherings of internet enthusiasts, said.

A vicious virus Koobface - "koob" being "book" in reverse - has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security.

"Its spread has been very significant and it has been detected in 4,000 different variants," he said at the week-long event which wraps up on Sunday in Valencia in eastern Spain.

The virus hijacks the accounts of social networking site users and sends messages steering friends to hostile sites containing malware, a malicious software often designed to infiltrate a computer system for illicit purposes.

In one of its variants, Koobface sends the victim a warning that its Flash player is outdated along with an invitation to download a new version, which is in fact the virus.

Malware can be used to steal bank account data or credit card information once installed on a personal computer.

Facebook has sought to resist attacks by Koobface and similar viruses by blocking links to hostile sites and shutting down accounts from users that show signs of infection, such as sending too many messages.

"You also must be very careful with people who ask to join your friends list," said Laura Garcia, who writes a popular blog about internet security, adding that hackers often sent requests.

Another danger of social networking sites are the popular quizzes, horoscopes and games made available for free to users which can sometimes be used to hide links to hostile sites, she added.

Birthday greetings as well as messages sent at Christmas and other holidays may also appear to come from friends when in fact they are linked directly to sites that try to convince would-be victims to reveal personal information like passwords or bank numbers, said Mr Martinez.

The vulnerability of social networking sites was underscored in a study by security company Sophos made public earlier this month.

It found that about half of all companies in the US block some or all access to them due to concerns about cyber incursions via the sites.

Facebook says that less than one per cent of its users have been affected by a security issue, such as a virus, since the site opened in 2004.

Ms Garcia said the number of viruses detected in recent years has exploded while the profile of cyber-criminals has changed.

"Before it was very savvy teenagers who wanted to show off their computer skills. Now you don't really need to know much about information technology to be a hacker, all the tools have already been created," she said.

Real cyber-crime mafias have now taken over, especially in Russia, China, Brazil and the Ukraine whose goals are purely economic gain, she said, underscoring that hacking could be highly lucrative.