MySpace users targets for ID thieves

"The ongoing interaction lowers your reservations and security barriers," said Marc Gaffan, an expert in online fraud and security at RSA, the security division of EMC Corp.

MySpace, which News Corp. bought last year for some $580 million, has recognized the threat and is stepping up security efforts, said Hemanshu Nigam, its chief security officer.

The company is rapidly expanding its team of software engineers, lawyers and other experts who look for suspicious activity, educate users on how to prevent attacks and go after the worst offenders.

Under Nigam's direction, the company recently formed a Content Assurance Team. Employees post fake profiles on the site, pretending to be vulnerable teens or clueless adults. The profiles are designed to keep tabs on everything from sexual predators to spammers.

MySpace also is preparing to launch a more aggressive education campaign, urging users to take care and use tools that restrict the viewing of their profiles to only trusted sources.

When all else fails, the company is also files civil suits and is increasing cooperation with law enforcement officials.

"We're trying to take away the 'cool' factor of trying to attack us," Nigam said.

Nigam came to MySpace after stints as a federal prosecutor specializing in child pornography and computer crime cases. He also led security efforts at Microsoft Corp. and the Motion Picture Association of America. (MSNBC.com is a Microsoft-NBC Universal joint venture.)

MySpace hired him in May to strengthen security and safety efforts at the site and other Internet properties owned by Fox Interactive media.

"Security is a top priority because it's critical for our community of users and for our business partners," Nigam said. "If advertisers feel uncomfortable being on a site that is seen as not as secure, not as safe, then we lose revenue."

So far, no major damage has been done on the site, although some users, increasingly annoyed by the fake friends and messages, are seeking other social networking alternatives.

"I don't have this problem on Facebook," Rogers said, referring to another popular site.

The Internet has weathered several threats over the years, but as users move on, so do the attackers.

Writers of malicious software used to count primarily on e-mail recipients to click on attachments to spread their wares. As e-mail recipients got more savvy, the writers looked to automate the process by exploiting vulnerabilities in e-mail programs, browsers and the Microsoft's Windows operating system.

As those security holes get closed, virus writers are looking elsewhere, including social-networking sites — attractive in part because of their size.

"It's where the activity is and the attackers play the percentages," said David Cole, director of security response at Symantec Corp. "They go after the largest market share where there is the most activity."

MORE FROM SECURITY

Security Section Front

Check your junk mail: Might have a contract in it FTC warns of increase in Internet scams Man indicted in hacking of Palin's e-mail Tiny flash drives improve their security Fake YouTube pages used to spread viruses EU proposes more rights for Internet shoppers Gmail 'Mail Goggles' stymie drunk e-mailing Fraud plagues prepaid calling card market GPS 'spoofing' could threaten national security Chinese snoop on Skype, but are they alone? Security Section Front   Add Security headlines to your news reader: