Twitter not adequately checking URLs, says Kaspersky

30 October 2009

Twitter is failing to block malicious websites that are being posted to it via URL shortening services, according to researchers from Kaspersky, who have applied their own back-end service to help solve the problem.

The microblogging service, which allows messages of up to 160 characters to be posted, uses the bit.ly URL shortening service by default, which replaces long web addresses with more manageable codes. Costin Raiu, chief security expert at the anti-malware company's Eastern European computing lab, explained that online criminals have been using these services to obfuscate malicious URLs, which they then spread to other Twitter users by posting them in messages.

Twitter began using bit.ly as its default URL shortening service in May, and began filtering URLs in August, using the bit.ly service's filtering function. Kaspersky has found that it uses the Google Safe Browsing API, which checks URLs against a database of known malicious destinations. However, it also lays its own extra filtering on top.

"There are still a lot of links that make it through Twitter, and keep in mind that it is also possible to simply use other URL shortening services", Raiu said.

Kaspersky has created a project called Krab Crawler, which uses the Twitter API to download as many messages as it can from the public timeline. It then uses a distributed network of machines to expand these URLs, analyze them semantically, and run them through an anti-malware scanner. The project is downloading 60 GB of data via Twitter every month, and processing half a million unique URLs.
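
The expand-then-check step described above can be sketched as follows. This is an added example, not Kaspersky's code or part of the original article: the redirect table, the blocklist and every hostname are constructed placeholders standing in for live HTTP lookups and an anti-malware scanner.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: a redirect table standing in for live HTTP lookups,
# so the example runs offline. All hosts are placeholders (.example / .invalid).
REDIRECTS = {
    "http://short.example/a1": "http://other-short.example/zz",
    "http://other-short.example/zz": "http://landing.bad.invalid/index.html",
    "http://short.example/b2": "http://news.example/story",
    "http://short.example/loop": "http://short.example/loop2",
    "http://short.example/loop2": "http://short.example/loop",
}
BLOCKLIST = {"bad.invalid"}  # constructed list of known-bad domains

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def extract_urls(message):
    """Return URLs found in a message, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(message)]

def expand(url, resolve=REDIRECTS.get, max_hops=5):
    """Follow redirects to the final URL; return (final_url, chain, status)."""
    chain = [url]
    while True:
        nxt = resolve(chain[-1])
        if nxt is None:
            return chain[-1], chain, "ok"
        if nxt in chain:                 # redirect loop, stop following
            return chain[-1], chain, "loop"
        if len(chain) > max_hops:        # chain longer than we are willing to follow
            return chain[-1], chain, "too_many_hops"
        chain.append(nxt)

def is_blocked(url, blocklist=BLOCKLIST):
    """True if the URL's host is a blocklisted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in blocklist)

def scan_message(message):
    """Classify each URL in a message by its expanded destination."""
    results = []
    for url in extract_urls(message):
        final, chain, status = expand(url)
        if status != "ok":
            verdict = "suspicious"       # unresolvable chains are not trusted
        elif any(is_blocked(u) for u in chain):
            verdict = "malicious"
        else:
            verdict = "clean"
        results.append((url, final, verdict))
    return results
```

Checking only the shortened form (`is_blocked("http://short.example/a1")`) returns `False`, which is why the crawler has to expand every hop, including chained shorteners, before scanning.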

Kaspersky has also been mining this data for statistics. It found that roughly half the malicious sites found have been compromised by other malware attacks such as Gumblar, a script injection that targeted websites earlier this year.

"These are generated by users themselves who are unwittingly posting links to websites that they believe to be clean", Raiu said.

26% of Twitter posts included a URL, Kaspersky found. The two most popular shortened URLs posted using the service in September resolve to online dating sites, one of which has been known to serve up malware in the past.

"Most of the URLs posted on Twitter seem to be generated by spammers or people with malicious intent. The fact that they point to sites that can be malicious but may not always be immediately labeled as malicious is important.

"The vast majority of attacks seem to fall into the grey zone. The sites may not always be malicious, but there are either links to spammers, or to malicious software authors, even if the link isn't always immediately obvious."
