The new cohort of spammers is not yet established enough to run their operations on botnets, said Grier. But security companies have seen some botnets repurposed to run this kind of spam. Malware is relatively rare, largely because the social networks take more aggressive action against it than they do commercial spam.
Experts say social networking sites are already getting more serious about spam. Facebook recently announced a partnership with several security companies that would give users access to free antivirus software for six months. And Twitter recently brought legal action against commercial spammers on its platform.
The evolution is a familiar one. Web email providers like Hotmail were initially hostile to security companies' overtures to help with spam, said Wisniewski of Sophos. But when the problem began to hurt their bottom line, they began working opening up to the companies. He expects Facebook and Twitter will act more and more aggressively against spam if it begins to drive users away.
But Grier offered the flip side of the comparison to email spam.
"As the defenses get better, we'll see more sophisticated tools. We'll see the same sort of evolution on social networks" that we did on email.
Which means users could be in for a long ride.
Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.