Sure, social networking is fun, catching up with old school friends, flashing through their photos, seeing how their lives have developed, it's a really neat way to keep in contact with people. But it's also a great way to provide fraudsters with a wealth of information that can then be used to access your existing bank accounts, or even create new ones.

The Symantec Internet Security Threat Report [1] reviews known vulnerabilities, analyses network-based attacks, and tracks the occurrence of malicious code based on intelligence data gathered from two million decoy email accounts in 30 different countries, as well as 40,000 sensors spread over 180 countries. To create the report Symantec also draws malicious code reports from over 120 million client, server, and gateway systems that have deployed its antivirus product.

And our latest findings were concerning for Internet users placing personal information on trusted websites such as on social networking sites.

Yep, that's you and me and the 200,000 other Australians who log onto social networking sites everyday.

One of the key findings from the report is that web sites are the focus of a large portion of malicious activity and attackers are seeking information, not computers or devices containing the data. In addition, once attackers steal information, they are buying, selling and trading it through a mature, consolidated underground economy.

And business is booming in this underground Internet economy.

Some of the most active malicious code samples we came across in the last six months in Australia include Vundo and Infostealer. Gampass, created to detect and gather personal information which is then being consolidated, and sold on international markets. The underground economy has adopted mature market dynamics in order to capture and on-sell your personal information. They sell package deals of highly granular personal data, maiden names, and birth dates. And we're the ones giving them the information in the first place by not being careful what we say to whom.

So long as they have enough identifiers they can recreate your identity, and this is where the risk lies on a personal level.

Generally what we're seeing is malicious programmers move away from traditional methods such as IRC and botnets, and beginning to use stealthier methods like http and peer-to-peer programming to get access to private data.

The other area of growth is the shear number of threats, viruses, Trojans, spyware and generally malicious code lurking on the Internet. We're at the point where the volume of malicious code actually exceeds the volume of legitimate applications, which in itself will lead to the creation of whitelists of ‘good' applications which your computer can accept and run, rather than blacklists of threats.   

And the third is data leakage through portable devices. This is like the corporate equivalent of trusted websites, in-so-far as these devices are trusted and ubiquitous, and we really have no idea how much information is ending up in unsecured locations. How many corporate customer data bases are being carried around in suit pockets? How many income streams are walking in and out the door in high-level phones? The fact is that we really don't know.

But don't despair.

Protection comes back to prevention, and prevention to pragmatism. There are simple techniques individuals and companies can adopt to protect themselves from harm.    The most important protective measure is to employ defense-in-depth, which emphasises multiple overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. For consumers, this means using an Internet security solution that combines antivirus, firewall, and intrusion detection.

And as always, knowledge is power, so take some time to think about the way you interact with technology, and how you can respond to the dangers lurking online.

The full report can be viewed at www.symantec.com/threatreport [2] 

Vicepresident for technology security company Symantec Asia Pacific Craig Scroggie is also a graduate and fellow of the Australian Institute of Company Directors, a fellow of the Australian Sales & Marketing Institute serving on their National Advisory Committee, a trustee for the Committee for Economic Development of Australia, and is a non-executive director and board member of the Storage Networking Industry Association (SNIA).