Social networking is getting hotter and, with it, riskier. Social networking sites remain one of the top phishing targets. Phishing attacks on social networking sites represented less than 1 per cent of attacks, but yielded a big chunk of phishing impressions.
A typical social network phish is likely to trick many more users than a typical financial phish. There are a number of explanations for this discrepancy. While financial institutions targeted by phishers can number in the hundreds, just a handful of popular sites account for the bulk of social network usage on the Internet, so phishers can effectively target many more people per site.
In addition, phishers often use the messaging features of the sites themselves to distribute their attacks, typically by gaining control of a user's account and using it to send phishing messages to the victim's friends. These attacks are more effective than email-based attacks as they exploit the considerable level of trust that users place in their friends.