Sophos Senior Technology Consultant Graham Cluley points to the scam, saying, "It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including ‘Justin Bieber trying to flirt‘, ‘Student attacked his teacher and nearly killed him", "the biggest and scariest snake‘ and the ‘world’s worst McDonald’s customer’."

Cluley has several screenshots of different parts of the scam that one might encounter (such as the one below). The perpetrators clearly went all out in their deception efforts.

Image Credit: Sophos

Keep in mind, there are variations of the actual status updates that claim to point to the dislike button. Don’t believe any of them. It’s probably best to ignore any such thing until Facebook makes an official announcement, unveiling a dislike button. I wouldn’t hold your breath for that either.

India trails the U.S., accounting for 7.7 percent of worldwide spam, followed by Brazil (5.5%), the UK (4.6%) and South Korea (4.2%).

"It’s sad to see spam relayed via compromised European computers on the rise – the UK, France, Italy and Poland have all crept up the rankings since the start of the year," said Graham Cluley, senior technology consultant at Sophos.

"Financially-motivated criminals are controlling compromised zombie computers to not just launch spam campaigns, but also steal identity and bank account information. It’s an uphill struggle educating users about the dangers of clicking on links or attachments in spam mails, and that their computers may already be under the control of cybercriminals."

Europe has become the top spam-relaying continent, accounting for 35 percent of all spam, edging out Asia with 30.9 percent. North America and South America are responsible for 18.9 percent and 11.5 percent of spam respectively, while Africa accounts for 2.5 percent.

"Spam will continue to be a global problem for as long as it makes money for the spammers. It makes commercial sense for the criminals to continue if even a tiny proportion of recipients clicks on the links," explained Cluley.

"Too many computer users are risking a malware infection that sees their computer recruited into a spam botnet. To combat the spammers, it’s not only essential for computer users to run up-to-date security software, they must also resist the urge to purchase products advertised by spam."

The survey of 1,588 Facebook users found that 16 percent of those polled have already stopped using the social network due to inadequate control over their data.

Sophos says the survey revealed that the majority of users are frustrated with the lack of control that Facebook gives them over their own data. Most don’t know how to set their Facebook privacy options safely, and find the process confusing.

"A mass exodus from Facebook seems unlikely, but Facebook members are clearly getting more interested in knowing precisely who can view their data," wrote Graham Cluley, Senior Technology Consultant, Sophos, in a blog post.

"With this survey showing that only 24% of users aren’t thinking about quitting, Facebook will need to make sure further changes to the privacy policy are clear, concise and in the interest of making it easier for members to know exactly who has access to whatever they chose to upload."
 

China has had a significant drop in the amount of spam originating from that country, falling out of the top twelve and coming in at 15th place for relaying just 1.9 percent of the world’s spam.

The top twelve spam relaying countries for January to March 2010

"All eyes aren’t so much on which countries are on the list, but the one which isn’t. China has earned itself a bad reputation in many countries’ eyes for being the launch pad of targeted attacks against foreign companies and government networks, but at least in the last 12 months they have demonstrated that the proportion of spam relayed by their computers has steadily declined," said Graham Cluley, senior technology consultant at Sophos.

"South Korea, Brazil, India and the United States account for more than 30% of all the spam relayed by hacked computers around the globe."

Spam accounts for a 97% of all email received by business email servers, putting both a strain on resources and accounting for a huge amount of time to lost productivity.

How big of a security concern do you find social media to be? Discuss here.

The firm surveyed over 500 organizations and found that 36% of users claim to have been sent malware via social networking sites, which is an increase of 69% from last year.

"Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," said Graham Cluley, senior technology consultant for Sophos. "The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks."

Of course front and center of everybody’s attention is Facebook, the world’s most popular social network. Sophos found that out of those surveyed, 60% believe Facebook poses the biggest security threat out of social networks, compared to just 18% naming MySpace, 17% naming Twitter, and 4% naming LinkedIn.

"We shouldn’t forget that Facebook is by far the largest social network – and you’ll find more bad apples in the biggest orchard," says Cluley. "The truth is that the security team at Facebook works hard to counter threats on their site – it’s just that policing 350 million users can’t be an easy job for anyone. But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled-out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet."

Although LinkedIn was cited as the network among the top four that sparks the least amount of concern from survey participants, Cluley notes that it has its own significant risk factors, which should not be overlooked.

"Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organization’s structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into," he explains. "Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff’s names and positions. This makes it child’s play to reverse-engineer the email addresses of potential victims."

According to Sophos’ findings, 49% of firms allow all their staff unfettered access to Facebook, a stat that is up 13% from last year.

"The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," says Cluley. "However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them, but to apply some ‘social security’ instead."

As Cluely suggests, social networks have simply become part of the way we do business. At this point for a lot of companies, shutting down access in not an option. The reality is that no matter which way you communicate online, there are going to be threats. This is true not only in the corporate world, but in general life. As social networking becomes more location-oriented, you have to wonder if cyber crime might lead to an increase in physical world crime. That’s a scary thought.

Is social media worth the security risks to your company? Share your thoughts.

Related Articles:
 

> Businesses Benefit as Customers Share Current Locations

> Customer Connections Now Important for Google Results

> Facebook Most Popular Mobile Social Website

"The initial productivity concerns that many organizations harbored when Facebook first shot to popularity are giving way to the realization that there are more deliberate and malicious risks associated with social networking," said Graham Cluley, senior technology consultant at Sophos.

"As cybercriminals choose to exploit these sites for nefarious purposes, both innocent users and companies are finding themselves in the firing line. But until users wise up to the dangers, and firms begin to take precautionary measures to combat these threats, then the situation will intensify."

The survey found that although one – third of organizations still consider productivity issues to be the major reason for controlling employee’s access to social networking sites. The threat from both malware and data leakage is becoming more apparent with one in five citing these as their top concerns.

Popular social networks including Facebook, MySpace, LinkedIN and Twitter have all received spam and malware attacks during 2009, all aimed at stealing information or compromising PCs.

One method used by hackers is to compromise accounts by stealing usernames and passwords in order to send spam or malicious links to the victim’s online friends.  Sophos found that one third of respondents have been spammed on social networking sties, while 21 percent have been the victim of targeted phishing or malware attacks.

Sophos says that users will continue to share information inappropriately online. However it does not recommended banning social networking in the workplace.

"The danger is that by completely denying staff access to their favorite social networking site, organizations will drive their employees to find a way round the ban – and this could potentially open up even greater holes in corporate defenses," explained Cluley. "

Let’s not also forget that social networking sites can have beneficial business purposes for some firms too, giving them the chance to network with existing customers and potential prospects."

The ad, which according to the screenshot at security company Sophos blog achieved top placement for the keyword phrase “Obama win,” clicked out to a “rogue” site and a download prompt for an installer that is “100% checked by Antivirus.”

Despite that vague reassurance, downloading launches a PDF file to exploit an Acrobat Reader flaw and deliver a virus labeled Mal/PDFEx-B.

Hopefully nobody was click-happy enough to click that “Download now” button, especially since neither the paid ad nor the site it led to actually ever said what the user would be downloading. All the AdWords ad said was “Download Now” and Instant Download Download Now and Save Time.”

The text lets the reader assume what it would be related to “Obama win,” and imagine how much time they’ll save downloading whatever it is.  

Sophos says the ad has been removed since that sighting.
 

During this period Sophos found 23,300 new spam related Web pages everyday, or about one every three seconds.

For the first time Turkey was in the top three of offending countries sending spam. Compromised computers in Turkey accounted for 5.9 percent of the globe’s spam, compared to 3.8 percent in the fourth quarter of 2007.

"Turkey’s appearance in the top three makes for an interesting realignment so early on in the year, but does not mean that other countries can give up the fight – spam is a global problem and must be tackled as such," said Carole Theriault, senior security consultant at Sophos.

The U.S. remained in the top position of countries responsible for generating spam with 15.4 percent followed by Russia accounting for 7.4 percent in the first quarter. In the past year the number of spam messages sent from compromised computers in Russia has more than doubled. In the first quarter of 2007 Russia relayed just three percent of the world’s spam.

"As long as spammers continue to make money from these nasty ruses, the spam plague will continue," said Theriault. "Businesses must wise-up to this threat and recognize the importance of quarantining spam messages before they are delivered to the unsuspecting user."
 

The top twelve spam-relaying countries:

The malware called Harada is thought to be connected to the Pirlames Trojan horse which anti-spam firm Sophos reported blocking in Japan last year. The three men have admitted they took part in the crime. One man wrote the malware, while the other two are thought to have distributed the malicious code through Winny.

"It isn’t illegal to write viruses in Japan, so the author of the Trojan horse has been arrested for breaching copyright because he used cartoon graphics without permission in his malware. Because this is the first arrest in Japan of a virus writer it’s likely to generate a lot of attention and there may be calls for cybercrime laws to be made tighter," said Graham Cluley, senior technology consultant for Sophos.

"Malware is truly a global menace, impacting on every user of the Internet, and it is good to see police around the world doing their bit to tackle the problem."

Some computers infected with Harada displayed a message saying, "You’re already dead. Come here. And apologize to me. If you don’t, this PC will self-destruct."