Groups of users of a social networking system are categorized based on their association with a type of malicious activity. A set of predetermined malicious groups is identified. Users associated with the malicious groups are selected based on their level of interactions with the malicious groups. Other groups associated with the selected users are identified as being potentially malicious groups. The potentially malicious groups are further analyzed based on occurrences of keywords associated with the type of malicious activity and manual verification by experts. The potentially malicious groups are either classified as being malicious or non-malicious or assigned a score based on their likelihood of being associated with the type of malicious activity. The methods and system disclosed can be used for categorizing other types of social network objects based on their association with a type of malicious activity, for example, users, events, and content.