Researchers laud Twitter alerts on bad links

Share this article:

Twitter has begun alerting users when they attempt to post a link to a malicious site.

When a user tries to send a tweet with a bad URL, Twitter fires a message that says: “Oops! Your tweet contained a URL to a known malware site!”

Some researchers had been encouraging Twitter to block malicious links in light of a number of recent episodes on the popular microblogging platform in which malicious or compromised accounts were posting dangerous tweets.

 

“We've recommended Twitter to start filtering traffic to fight this,” Mikko Hypponen, chief research officer at F-Secure, said in a blog post Monday. “They can easily do it, as all the messages go through them.”

He added: “Twitter hasn't announced this, but we just noticed that they have now started filtering tweets that contain links to known malware sites.”

Other researchers concur that this is a valuable step, but may not be enough.

“While their filtering is a step in the right direction, they are not parsing already shortened URLs,” Beth Jones, security analyst at Sophos, told SCMagazineUS.com Monday. "All a malware author has to do is shorten a URL, put it up, and not worry about it. If a user clicks on the shortened URL, they will go straight to the malicious target.”

Since Twitter requires that users post messages within a 140-character limit, most people employ the shortened links.

Some URL shortening services do provide checks to determine whether URLs are disguising malicious links. For example, Bit.ly checks links against spam-filtering services such as SURBL and site-monitoring services such as Google Safe Browsing, Jones said.



Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.