Is Twitter assisting malware spread?

CIOL Bureau

BANGALORE, INDIA: Twitter, in combination with URL shortening services, could be helping the spread of malware on a massive scale.

Twitter's 140-character tweet limit provided the initial imperative for URL shortening services, which have now sprouted by the dozens. Setting up such a service is worth the time, money and effort put into it because of the insight it can provide into web traffic and browsing patterns, insight that can be sold for good money.

Two of the most popular URL shortening services are bit.ly and Twitter's twt.tl. Inevitably, Google too has jumped on the bandwagon with its goo.gl service.

So what could be the problem with tweets and shortened URLs?

When shortened, a URL masks its destination. You have no idea where the URL will lead you. Even a dubious destination that has no domain name starts to look respectable as a bit.ly URL. Think how much of a delight that must be for temporary porn and malware injection sites set up by internet guerrillas.

On several occasions, a shortened URL posted on Twitter has taken us to nasty websites, one of which may have caused a rootkit infection on our laptop. Had the actual URL of the destination site been displayed, we would have been alerted to the nature of the websites and never clicked on the link.

Ironically, on all occasions the links had been retweeted by a celebrity with a massive following, running into hundreds of thousands.

Malware site owners often masquerade as celebrity fans. They win the trust of a celebrity and then request a retweet with a link that ostensibly contains a celebrity video or photos.

Celebrities retweet the links either without investigating the sites, or the links are later redirected to malware injection sites.

The end result is that rogue sites are able to get hundreds of thousands of visits at no expense and spread their malware with ease.

We raised our concerns with the folks at bit.ly and they responded promptly.

Here is what they said:

"We do, incidentally, have a number of ways to preview a link. The simplest is to simply add a + sign to the end of any bit.ly link. You will then be taken to the info page for that link. We also have a bit.ly Firefox extension which allows you to preview any bit.ly link simply by rolling over the link with your mouse. You can find that extension here: https://addons.mozilla.org/en-US/firefox/addon/10297"

"We also have a strong community of people that report spam to us all the time and we block it with an interstitial page."

Apparently bit.ly have done their bit! However, the protection doesn't work because Twitter doesn't force its users to post shortened links with a + sign at the end.

Twitter could also adopt some other easy measures to stop the spread of malware from their site, starting with alerting users to the dangers of clicking on shortened links!
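One way a client could reveal where a shortened link leads before opening it, shown as an added example that is not from the article, bit.ly or Twitter. The redirect table, host names and the `expand` and `preview_url` helpers are constructed for illustration, and the fetch function stands in for an HTTP HEAD request that does not follow redirects.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed sample data: url -> (status, Location header), replacing the network.
SAMPLE_RESPONSES = {
    "http://bit.ly/abc123": (301, "http://short.example/x"),
    "http://short.example/x": (302, "http://203.0.113.7/video"),
    "http://203.0.113.7/video": (200, None),
    "http://bit.ly/loop1": (301, "http://bit.ly/loop1"),
}

def sample_fetch(url):
    """Offline stand-in for a HEAD request made without following redirects."""
    return SAMPLE_RESPONSES.get(url, (200, None))

def preview_url(short_url):
    """bit.ly info page for a link: the same link with '+' appended."""
    return short_url.rstrip("+") + "+"

def expand(short_url, fetch=sample_fetch, max_hops=5):
    """Walk the redirect chain hop by hop; return (chain, warnings)."""
    chain, warnings, url = [short_url], [], short_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            break                       # reached a page that does not redirect
        url = urljoin(url, location)    # Location may be relative
        if url in chain:
            warnings.append("redirect loop")
            break
        chain.append(url)
    else:
        warnings.append("hop limit reached")
    # A destination with no domain name is what the shortener hides.
    host = urlsplit(chain[-1]).hostname or ""
    try:
        ipaddress.ip_address(host)
        warnings.append("destination is a bare IP address")
    except ValueError:
        pass                            # host is a name, not an IP literal
    return chain, warnings

if __name__ == "__main__":
    print(preview_url("http://bit.ly/abc123"))
    print(expand("http://bit.ly/abc123"))
```

Because a link can be redirected after it was first posted, the expansion has to happen at click time rather than when the tweet is published.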

We asked Twitter for comments but our request is still pending with them.

If we do get a response, we will update this page. In the meantime, know what you are doing when clicking on a shortened link in Twitter.

©Sawf News