Webroot(R) Survey Reveals Social Networkers' Risky Behaviors

Two-thirds share personal information with strangers - knowingly or
unknowingly

BOULDER, Colo., June 24 /PRNewswire/ -- Members of online social networks may
be more vulnerable to financial loss, identity theft and malware infection
than they realize, according to a new survey from Webroot, a leading provider
of Internet security software for the consumer, enterprise and SMB markets.

Surveying over 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other
popular social networks, Webroot uncovered numerous behaviors that put social
networkers' identities and wallets at risk. Among the highlights:

    --  Two-thirds of respondents don't restrict any details of their
        personal profile from being visible through a public search engine
like
        Google;
    --  Over half aren't sure who can see their profile;
    --  About one third include at least three pieces of personally
identifiable
        information;
    --  Over one third use the same password across multiple sites; and
    --  One quarter accept "friend requests" from strangers




"The growth of social networks presents hackers with a huge target. The amount
of time spent on communities like Facebook last year grew at three times the
rate of overall Internet growth," said Mike Kronenberg, chief technology
officer of Webroot's Consumer business. "Three in ten people we polled
experienced a security attack through a social network in the past year,
including identity theft, malware infection, spam, unauthorized password
changes and 'friend in distress' money-stealing scams. The first step to
staying protected is being aware of what the threats are and knowing how to
help prevent them."

Social Networks Present New Opportunities for Cybercriminals 
Cybercriminals employ various types of trickery and malware to capitalize on
risky behaviors. One common tactic is phishing, which hackers use to entice
victims into downloading an infected file, visiting a disreputable site
outside the social network, or wiring money to a "friend in distress."

In recent months, Webroot has seen an increase in these types of attacks on
social networks, including "Trojan-MyBlot," which targeted users of
MyYearbook.com, and others targeting Facebook users including  "Koobface" and
several spread through the domains "mygener.im," "ponbon.im" and "hunro.im."

"Hackers lure users into taking actions they shouldn't by making it appear as
if a friend within their social network has sent them a message - only the
message is from a hacker who's hijacked the friend's account," continued
Kronenberg. "We've seen instances where a salacious yet poorly worded message
like, 'This video of u is evrywhere' includes a link that, when clicked,
prompts the user to download a seemingly legitimate file which, once on your
PC, can do a number of things -- spam your friends, monitor your online
activity or record your personal information."

Hackers can also use less sophisticated means to execute attacks on social
networks: The Webroot survey respondents who reported experiencing identity
theft, a hijacked account and unauthorized username or password changes may
have been victimized by hackers who were able to access their profiles and
guess their passwords based on the personal information they included.

Summary of Key Findings
Results of the Webroot survey indicate a general lack of awareness of the
security risks on social networks and the tools available to protect personal
information, as well as higher rates of risky behaviors exhibited by younger
social networkers.

Social networkers make private information public:
    --  80 percent allow at least part of their profiles to be searchable
        through Google or other public search engines; 73 percent don't
        restrict any profile information from being visible through public
        search
    --  Over half (59 percent) of respondents aren't sure who can see their
        profile
    --  Over one quarter (28 percent) accept friend requests from strangers;
of
        those, one third (36 percent) do not cloak any of their profile
        information
    --  About one third (32 percent) include at least three pieces of
        identifiable information




Privacy concerns outweigh protective actions:
    --  78 percent expressed some concern over the privacy of the information
        they share in their profiles
    --  However, 36 percent use the same password across multiple sites
    --  And 30 percent do not have adequate protection against viruses and
        spyware




Younger users take more risks - 18-29 year olds are more likely to:
    --  Use the same password across multiple sites (51 percent, versus 36
        percent overall)
    --  Accept a friend request from a stranger (40 percent, versus 28 percent
        overall)
    --  Share more personal information that may compromise online privacy (67
        percent share birth date, versus 52 percent overall; 62 percent share
        home town, versus 50 percent overall; 45 percent share employer,
versus
        35 percent overall)
    --  Experience a security attack (nearly 40 percent, versus 30 percent
        overall)




Tips for Safe Social Networking
Webroot recommends the following actions to protect privacy and prevent
threats on social networks.
    --  Guard your personal information - Use privacy settings to restrict who
        can see your sensitive information, or consider omitting all personal
        information from your profile
    --  Be skeptical - E-mails, friend requests, Web site links and other
items
        from sources you do not know could be laced with malware
    --  Choose passwords wisely - Use different passwords for each of your
        sites; select a randomized combination of numbers and letters
    --  Have antivirus and antispyware protection - Even if you think
        you're not infected, scan your machine for dormant viruses with a
        free scan; and protect your PC with an Internet security suite that
        includes antivirus, antispyware, and firewall technologies
    --  Always install updates - If you're already using antimalware
        software, be sure to install updates which include the latest malware
        definitions; do the same with updates to your operating system


    --  Even with security in place, remain vigilant - Malware authors are
        continually writing new programs to avoid detection, so pay close
        attention to suspicious behavior




Webroot offers several comprehensive Internet security solutions for consumers
including Webroot(R) AntiVirus with AntiSpyware, and Webroot Internet Security
Essentials. For more information about these and other products, please visit
http://www.webroot.com/En_US/consumer.html.

About Webroot
Webroot, a Boulder, Colorado-based company provides industry-leading security
solutions to consumers, enterprises and small to medium-sized businesses
worldwide. For more information visit www.webroot.com or call 800.772.9383.
Visit our Threat Blog at http://blog.webroot.com.

(C) 2009 Webroot is a trademark or registered trademark of Webroot Software,
Inc. in the United States and other countries. All other trademarks are
properties of their respective owners.



SOURCE  Webroot

MacLean Guthrie of Webroot, +1-720-842-3164, mguthrie@webroot.com