Apple Ping Hit by Spammers

Researchers at Sophos say Apple Ping has been hit by scams familiar to users of other social networks such as Facebook and Twitter.

Spammers jumped out the gate quickly with survey scams aimed at users of Ping, Apple's new iTunes social network.

Ping launched Sept. 1 with the goal of creating a social network for the more than 160 million users of iTunes. However according to Sophos, the service has been hit with a barrage of scams and spam messages in the days since the launch, including some seeking to get users to fill out online surveys in exchange for a free iPhone.

"We're used to survey scams like this being spread far and wide via sites like Facebook, but clearly the lack of filtering on Ping is making it a brand new playground for the bad guys to operate in," said Graham Cluley, senior technology consultant for Sophos, in a statement. "It's ironic that the most common scams on Ping right now revolve around Apple's own iPhone. It's safe to assume that Ping does incorporate some rudimentary filtering to prevent offensive messages from being posted, so hopefully Apple's security team can extend this to also block scam messages and malicious links. In the meantime, though, Ping users should be wary of believing what they read on the new service."

The prospect of spammers using social networks is hardly new. In fact, Sophos published research earlier this year that showed a 70 percent increase in the number of users reporting spam and malware being spread via social networks. Much of the survey spam is nearly identical to scams seen on Facebook, Google and Twitter, Sophos senior security adviser Chet Wisniewski blogged.

"Most of the security industry has been pointing out the migration of spam from an e-mail-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms," blogged Wisniewski. "But apparently Apple didn't consider this when designing Ping, as the service implements no spam or URL filtering."

"As more companies jump on the social networking bandwagon they must think carefully about what they are going to do to make their communities a safe place for users to hang out," Cluley added. "If they're complacent about these sorts of security risks then users may end up voting with their feet, and find a safer place to spend their online time."