Researchers laud Twitter alerts on bad links

Twitter has begun alerting users when they attempt to post a link to a malicious site.

When a user tries to send a tweet with a bad URL, Twitter fires a message that says: “Oops! Your tweet contained a URL to a known malware site!”

Some researchers had been encouraging Twitter to block malicious links in light of a number of recent episodes on the popular microblogging platform in which malicious or compromised accounts were posting dangerous tweets.

“We've recommended Twitter to start filtering traffic to fight this,” Mikko Hypponen, chief research officer at F-Secure, said in a blog post Monday. “They can easily do it, as all the messages go through them.”

He added: “Twitter hasn't announced this, but we just noticed that they have now started filtering tweets that contain links to known malware sites.”

Other researchers concur that this is a valuable step but say it may not be enough.

“While their filtering is a step in the right direction, they are not parsing already shortened URLs,” Beth Jones, security analyst at Sophos, told SCMagazineUS.com Monday. “All a malware author has to do is shorten a URL, put it up, and not worry about it. If a user clicks on the shortened URL, they will go straight to the malicious target.”

Because Twitter requires that users post messages within a 140-character limit, most people use shortened links.

Some URL shortening services do provide checks to determine whether URLs are disguising malicious links. For example, Bit.ly checks links against spam-filtering services such as SURBL and site-monitoring services such as Google Safe Browsing, Jones said.
