Researchers laud Twitter alerts on bad links

Share this article:

Twitter has begun alerting users when they attempt to post a link to a malicious site.

When a user tries to send a tweet with a bad URL, Twitter fires a message that says: “Oops! Your tweet contained a URL to a known malware site!”

Some researchers had been encouraging Twitter to block malicious links in light of a number of recent episodes on the popular microblogging platform in which malicious or compromised accounts were posting dangerous tweets.

 

“We've recommended Twitter to start filtering traffic to fight this,” Mikko Hypponen, chief research officer at F-Secure, said in a blog post Monday. “They can easily do it, as all the messages go through them.”

He added: “Twitter hasn't announced this, but we just noticed that they have now started filtering tweets that contain links to known malware sites.”

Other researchers concur that this is a valuable step, but may not be enough.

“While their filtering is a step in the right direction, they are not parsing already shortened URLs,” Beth Jones, security analyst at Sophos, told SCMagazineUS.com Monday. "All a malware author has to do is shorten a URL, put it up, and not worry about it. If a user clicks on the shortened URL, they will go straight to the malicious target.”

Since Twitter requires that users post messages within a 140-character limit, most people employ the shortened links.

Some URL shortening services do provide checks to determine whether URLs are disguising malicious links. For example, Bit.ly checks links against spam-filtering services such as SURBL and site-monitoring services such as Google Safe Browsing, Jones said.



Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...