Trend Micro chief warns of threat to members of social networks

Putting personal information on to social networking websites can open users up to targeted attacks from criminals, one leading security company has told Computeractive.

In an exclusive interview at the Cebit trade show in Hannover, Germany, Raimund Genes, chief technology officer of Trend Micro, said: "I think we need to rethink how we publish information. People are putting more and more private, confidential information online and you could use this to attack them.

"These attacks are very difficult to trace with traditional security software, because with a signature you need to detect the malware and for this you need to know the malware. But if the malware is only on your computer – one computer on earth – it will be difficult to detect it."

Mr Genes had just finished giving a press conference during which, he said: "I picked one editor and I showed him an email I would craft to attack him, by just getting part of the information from Facebook."

He said that there were particular risks for companies, universities and governments: "Every day the bad guys – the underground economy – are releasing 60,000 new pieces of malware. So it's already difficult to trace all of this. But when you do something targeted, just against a user, against a company or whatever ... it's extremely difficult to spot it.

"We at Trend Micro have a product only for protecting servers, which is more complex than the standard anti-virus because the typical target – the server – is way more valuable. If you are getting on to this system it's the biggest disaster you could have within a company.

"Universities are a really big problem because every student clicks on everything. So when you look at the statistics about infection, the universities are very high on the lists. But even governments are not safe – I think recently the Canadian government was attacked.

"I know a case in Brazil where the government has been attacked there. There's industrial espionage but it's not only industrial espionage. Sometimes I even would call it cyber-war. When you look at Stuxnet and what happened with this malware which affected the nuclear power plants. Was this cyber-war, was this a targeted attack? It sure was a targeted attack – and it was for a specific reason.

"Every nation now has a cyber-war task force. Some of them are just defensive, but others are offensive as well. Every country is investing in this somehow, even countries you wouldn't think about: like North Korea, which has a big big big cyber-war offence force."

You can read more of our reporting from Cebit 2011 by clicking here