The inherent power of social networking sites and their ability to allow individuals to find each other and communicate directly will help attackers use people, rather than technology, to spread their latest work in the future, according to the researcher.
People are also more likely to provide more information about themselves or their contacts to an unknown application once they have begun downloading it, simply to gain the initial functionality it has promised, he said.
Fortinet refers to this trend as the "escalation of commitment" effect.
"In the case of Secret Crush, it's worth noting that this is a social worm, not something traditional being spread via some malicious code. It is manipulating humans to pass it along on their own," Lovet said. "And once people have been pushed into installing an application, it's easier to ask for more information to get them to finish the install. Once people have already invested some of their time, and shared some of their information with a new program, they are far more likely to share even more data to get access to the capabilities it is offering."
Security experts have tabbed the use of social networking sites including MySpace and Facebook for the delivery of malware as one of the most significant trends they expect to emerge during 2008.
As such, many vendors are actively encouraging businesses to block or monitor use of the programs to protect their networks and computers from being infected by nefarious applications.
"Businesses need to adjust their security and usage policies to address the realities of the Web 2.0 world," said Paul Henry, vice president of technology evangelism at security gateway maker Secure Computing.
"Their Internet use policies need to include social networking sites, blogs, and music and video-sharing sites, and the permissions need to be spelled out specifically," Henry said. "Beyond that they need technical safeguards to help enforce those policies where necessary. The troubling part about this is that most companies are still having problems dealing with far more traditional threats."
This article was updated on Jan. 7, 2008.