Sophos Senior Technology Consultant Graham Cluley agrees with a BitDefender study showing Facebook as a growing attack vector for smartphone malware. Sophos has seen a similar pattern, and Android phones are often the easiest targets, Cluley said in a sit-down interview Tuesday.
"The iPhone operates in a more controlled environment and the BlackBerry security model is fairly strong. Because Android operates in a more open environment, it's more open to infections," Cluley said during a visit to the offices of IDG Enterprise, home of CSO.
Given the growing popularity of Android phones in the enterprise, Cluley said this is something IT security shops must be more aware of.
The malware being sent to the phones via Facebook messages are the garden-variety spam messages that rely heavily on social engineering tactics. A Sophos threat report due out next week will dive more into the social networking threat, but the company's just-released "Dirty Dozen" spam list also mentions it.
"Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers," Cluley said.
Earlier, BitDefender came out with a report warning that Facebook has become the biggest mobile malware threat. Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs, the report said.
BitDefender pointed to Google statistics revealing almost a quarter of Facebook users falling for a recent scam on the social network from their mobile device. The URL that was studied was one that claimed to show users a girl's Facebook status which got her expelled from school. It generated 28,672 clicks , 24 percent of which originated from mobile platforms. Users who clicked on the link, whether on their PC or mobile device, downloaded a Facebook worm and fall victim to an adword-based money grabbing scheme.
"When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source, the social network," said George Petre, BitDefender Threat Intelligence Team Leader.