The majority of malicious activity surrounding social networks today primarily involves unwanted or nuisance traffic, as opposed to attacks that lead to a fully compromised machine.
Social networks such as Facebook are of value to more serious criminals, but mainly for reconnaissance during targeted attacks. They are a great resource for learning background information about individuals and uncovering relationships, all of which can be of great value for social engineering.
We’re not, however, commonly seeing the communication aspects of social networks used to deliver malicious payloads directly to victims or investments in uncovering web application vulnerabilities used to compromise end-user machines, as opposed to spreading the aforementioned scams.
In 2012, attackers will raise the bar and leverage social networks for more sophisticated attacks, the goal of which will be full compromise, as opposed to marketing financial scams.
This prediction sounds like what security vendors say every year — always warning that future attacks will become more sophisticated, without providing real detail.
Readers, are you worried about security on Facebook?