PC security If you think spam attacks were bad in 2009, just wait until 2010 gets going. You ain't seen nothing yet.

In its 2009 Annual Security Report [PDF], the networking gurus at Cisco predict that worldwide spam volumes will increase by 30 or 40 percent over 2009 levels.

So get ready for a fresh dollop of discounted penile-enhancement pills, strange women 'winking' at you through non-existent dating sites, and faux Nigerian princes promising $100m waiting for you overseas. The hardest hit by this gush of obnoxiousness will be social-networking sites, especially the king of them all: Facebook.

Social disaster

Social networking isn't just for kids any more. Since businesses and organisations began digging into the world of cyber-friends and fans, spammers have taken the opportunity to ramp up efforts to grab the attention of the unsuspecting. Facebook claims that site visitations increased 105 percent from December 2008 to December 2009. With these kinds of numbers, it's no wonder spamming has followed suit.

One of the most notorious spam attacks on Facebook was Koobface, a malware bot that commandeered Facebook profiles and turned them into infectious zombies. Koobface tricked victims by posing as Facebook friends, thereby increasing chances that people would follow malicious links.

Koobface is not alone - Project Honey Pot, a system for identifying spammers and spambots, says: "Since 2004 the number of bots has nearly quadrupled ever year. In 2009, there were nearly 400,000 active bots engaged in malicious activity on any given day with several million active over the course of any month."

Apart from simply destroying computers, Facebook spam has also been used to empty wallets. "Facebook has also been used to launch '419' scams," the Honeypot report says. "The scam normally starts when a Facebook user is fooled into handing over Facebook login credentials, or has their login credentials stolen by keylogger malware on their machine. With these stolen credentials, the criminal logs in to the user's Facebook account and sends messages to the user's Facebook friends, asking them to wire money - supposedly because the user is stranded in a foreign country."

Uncommon common sense

There are, of course, ways to protect yourself against spam attacks. The most effective method is common sense. By now, most people should recognise the difference between legit email messages and a hacker's silly attempt to burrow under the covers.

And antispam support has become a lucrative industry itself - coincidentally, Cisco itself touts a spam and virus blocker on Facebook. Web security leader Websense recently launched Defensio 2.0, "which analyses and classifies user-generated content on Facebook to prevent the posting of malicious and inappropriate content, and enhances the real-time threat intelligence of the Websense Web Security Gateway."

Such measures are a clear indicator that Facebook has adopted a poor disposition that requires protection.

See also:

In 2009 87% of emails are spam

Web users click adverts without checking for malware

PC security news, reviews, tips and walkthroughs

PC World