Web 2.0 companies are concentrating on growing their user bases at the expense of properly defending their existing customers from internet threats.

The Sophos Security Threat Report for the first six months of cybercrime in 2009 has identified that criminals have increased the focus of attacks on social networking sites. At the same time, the first half of 2009 has seen an explosion in hackers exploiting scareware tactics to con computer users into paying for bogus anti-virus protection.

Graham Cluley, senior technology consultant at Sophos, said: “Novice computer users are clearly falling foul of this under-handed tactic to capitalise on their fear from infection. Your aunt Mabel may be aware that viruses and malware exist and that they're bad, but probably won't be savvy enough to distinguish between legitimate and phoney anti-virus protection.”

It also found that IT teams are worried that employees share too much personal information via social networking sites, putting their corporate infrastructure - and the sensitive data stored on it - at risk.  The findings also indicate that a quarter of organisations have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.

Cluley said: “What's needed is a period of introspection - for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers.

“The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against.”

Speaking on a Sophos webcast, Cluley claimed that threats in 2009 had seen a ‘conveyor belt of crime' so far with 40,000 files and approximately 23,000 infected sites detected every day. This was four times worse than in 2008 and the biggest problem is that the majority of websites are legitimate.

However it is not all bad, as Cluley claimed that: “threats will escalate but the defence is becoming better and better. We will carry on facing security challenges but if you put right security in place you will be ok, start protecting users and stay informed.”