Facebook And Twitter Might Face More Attacks In 2010

Social-networking sites like Facebook and Twitter can expect more attention from cybercriminals in 2010, according to a new report released Tuesday by McAfee Labs. Also at risk are users of Adobe Systems products including Acrobat Reader and Flash. And move over Microsoft; the security firm predicts that Google’s Chrome OS will “create another opportunity for malware writers to prey on users.”
The company also anticipates smarter and more dangerous Trojans that “follow the money,” as well as a “significant trend toward a more distributed and resilient botnet infrastructure that relies much more on peer-to-peer technologies.”
In a recorded interview, David Marcus, McAfee Labs’ director of security research and communications, said that he expects “an explosion of Facebook and other services targeted by cybercriminals.” In addition to malware like Koobface, which spreads through Facebook users’ friends lists, Marcus expects an increase in rogue Facebook applications.
“When you click yes to ‘do you want to allow this application to access your Facebook account,’ you’re giving that application access to all the data in your Facebook account,” he said. Facebook vets the third-party applications that it distributes, but rogue developers are finding other ways to get people to install unauthorized apps.
“A lot of the spammers and scammers will send fake Facebook application requests to users’ inboxes,” he said. Marcus recommends that you only install apps from within Facebook by clicking “browse more applications” in the Facebook application installer.

According to McAfee, Twitter is vulnerable mostly because of URL-shortening services like bit.ly and tinyurl.com. There’s nothing wrong with Twitter or these services, but when you click on a shortened URL you have no idea where you’re going until after you get there. I would like to see a URL-shortening service that vets each URL for security and rejects those that are potentially dangerous. Twitter, according to the McAfee report, is “also serving as a control vehicle for botnets.”
Criminals are now being more surgical in their attacks, singling out individuals and corporations as targets. The report points to the 10-month investigation of “GhostNet,” which McAfee Labs describes as a “network of at least 1,295 compromised computers in 103 countries” that “primarily belonged to government, aid groups, and activists.” The malicious code was delivered by e-mail with subject headings related to the Dalai Lama and Tibet, according to the report.
The report also cites “a very targeted wave of attacks against the management of major companies,” as well as attacks carried out against “journalists from various media organizations, including Agence France-Presse, Dow Jones and Reuters based in China.”

