Business must educate users on security risks of Twitter, warns Symantec

As Twitter becomes a news source for millions of people, businesses must educate employees about the risks involved in using the service, says IT services firm Symantec.

As with many social networking sites, Twitter is being targeted with malicious activity, the company has warned.

Attackers typically select tweets that contain a popular topic and a shortened URL. The original URL is then replaced with a different shortened URL, pointing to a malicious website.

"It is still very hard for users to spot the malicious links, as it is often a legitimate website that has been compromised and converted to host drive-by download attacks," said Candid Wueest, security expert at Symantec.

Keeping computers and software patched and having security software installed could decrease the chances of falling victim to such drive-by download attacks, he said.

"In feedback we have received from Twitter, they have informed us that this is definitely an issue that they're aware of and have done some preliminary work in the form of the shortener currently used in direct message (DM) notification e-mails," Wueest wrote in a blog post.

Twitter is also offering an "expand" link that lets users expand the shortened links in search results to check where they lead. Twitter is still working on this concept to ensure that even URLs shortened by other URL shorteners are expanded correctly.

Twitter also says that it is actively working on other features to increase user safety and security.

According to Symantec Hosted Services research, spam containing shortened URLs hit a one-day peak of 23.4 billion or 18% of all spam e-mails in 2010, up from 9% in 2009.

This story was first published by Computer Weekly
