Spammers crash Apple's Ping party

The new iTunes social network is being attacked by scammers

Security firm Sophos is warning that Apple's Ping social networking service has been blighted by spammers just days after launch.

Graham Cluley, senior technology consultant at Sophos, said that Ping is failing to block fraudulent messages posted by spammers, and urged users to be on their guard.

Ping was announced this week and went live for approximately 160 million iTunes users who were instantly able to read and post comments and build up social networks around music.

Sophos researchers have already found a number of scam and spam messages on the service, however, many of which are designed to exploit the Apple fan base by offering the chance to win an iPhone.

"We're used to survey scams like this being spread far and wide via sites like Facebook, but clearly the lack of filtering on Ping is making it a brand new playground for the bad guys," said Cluley.

"It's ironic that the most common scams on Ping right now revolve around Apple's own iPhone."

Cluley urged Apple's security team to extend any filtering system designed to stop offensive messages on the service to also block scam messages and malicious links.

"In the meantime, though, Ping users should be wary of believing what they read on the new service," he added.

But, while users are being advised to exercise caution now, Cluley added that it is the responsibility of firms like Apple to not rush-release applications which could present users with a number of avoidable security issues.

"As more companies jump on the social networking bandwagon they must think carefully about what they are going to do to make their communities a safe place for users to hang out," said Cluley.

"If they're complacent about these sorts of security risks users may end up voting with their feet and finding a safer place to spend their online time."

Chet Wisniewski, senior security advisor at Sophos, was more scathing of Apple, suggesting that the company had ignored a very obvious issue.

"Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms," he said.

"But apparently Apple didn't consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that, less than 24 hours after launch, Ping is drowning in scams and spams."