
What are the risks of social networking sites?

Social networking sites allow someone to post information that thousands of other users can read. But that's not all. In this Q&A, information security threats expert Ed Skoudis reveals how sites like MySpace and YouTube let the bad guys post something more dangerous: malware.

What threats are posed by the popularity of social networking sites like MySpace and YouTube?

The most prominent threats fall into two categories: technical and social. From a technical perspective, these social networking sites are, in reality, Web sites that allow hundreds of thousands of people to post content: on-line profiles, videos, and/or commentary. With all of that information coming in, malicious users are constantly trying to post malware, specifically browser exploits, to these sites. Attackers hope that if they are able to successfully load content containing a browser exploit, they can then take control of browsers by convincing other users to view their content.

Beyond browser exploits, an attacker can post a script on a social networking site that will run inside the browsers of those who view the content. This variation of a cross-site scripting attack is what the so-called Samy worm did in MySpace in October 2005. The author of this worm updated his profile with a script. Whenever any other user read his profile, this script would run in that user's browser, adding the Samy author as a friend in MySpace. The script would then add a copy of itself to this user's profile. When other users read any of the script-infected profiles, they too would be added as a friend to the Samy author and have their profile updated. Within an hour, the Samy author had hundreds of thousands of friends in MySpace.

Because of this major risk, most social networking sites carefully filter out scripts and browser exploits posted within user content. Their filters are not perfect though, and sometimes a unique encoding scheme or obscure scripting trick makes it through, resulting in an attack like the Samy worm. Therefore, you should defend yourself by running an up-to-date browser and an antivirus/antispyware suite. Also, if you are particularly paranoid, you may want to disable scripts in your browser when accessing social networking sites. You could consider adding social networking sites to a different security zone in your browser, like Restricted Sites, where you could then disallow browser scripts.
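The filtering weakness described above, shown as an added example that is not part of the original answer or any site's real filter: a blocklist that strips literal script blocks is compared with HTML-encoding all user content on output. The function names and sample inputs are constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed sample inputs.

// Weak approach: a blocklist that removes literal <script>...</script> blocks only.
function blocklistFilter(html) {
  return html.replace(/<script>[\s\S]*?<\/script>/g, "");
}

// Hardened approach: treat user content as text and HTML-encode it on output,
// so the browser never parses any of it as markup.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeForHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Crude check: does the output still contain something a browser would parse as a tag?
function containsActiveMarkup(html) {
  return /<\s*[a-z!\/]/i.test(html);
}

// Constructed profile fields; the scripts only set the page title.
const samples = [
  "<script>document.title='x'</script>",        // literal form the blocklist expects
  "<SCRIPT>document.title='x'</SCRIPT>",        // case variation the blocklist misses
  "<img src=x onerror=\"document.title='x'\">", // script in an event handler, no script tag
  "Hello, I like music & films",                // ordinary text
];

// Run both defenses over each input and report what survives.
function evaluate(inputs) {
  return inputs.map((input) => ({
    input,
    blocklistLeavesMarkup: containsActiveMarkup(blocklistFilter(input)),
    encodedLeavesMarkup: containsActiveMarkup(encodeForHtml(input)),
  }));
}

for (const row of evaluate(samples)) console.log(row);
```

A site that must let users keep some formatting cannot encode everything; it needs an allow-list sanitizer that parses the HTML and keeps only known-safe tags and attributes, rather than a list of patterns to remove.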

This was last published in March 2007
