Twitter Takes On Malware With Link Scanning Tools

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved,

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.

Twitter has announced plans to route all links through a scanner in a bid to boost security and weed out malicious activity.

The move follows a partnership announced in November between URL shortening service Bit.ly and security companies VeriSign, Websense and Sophos.

“By routing all links submitted to Twitter through this new service, we can detect, intercept and prevent the spread of bad links across all of Twitter,” blogged Del Harvey, director of Twitter’s Trust and Safety team. “Even if a bad link is already sent out in an e-mail notification and somebody clicks on it, we’ll be able to keep that user safe.”

“Since these attacks occur primarily on Direct Messages and e-mail notifications about Direct Messages, this is where we have focused our initial efforts,” Harvey added. “For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and e-mail notifications.”

Twitter security has been in the spotlight in the past two years as the number of users – and attacks – soared. In a new report by Barracuda Networks (PDF), researchers analysed 19 million accounts and found that the Twitter crime rate – the percentage of accounts suspended each month due to suspicious or malicious activity – rose from 1.2 percent in 2006 to 12 percent in October 2009.

Often times the links lead to sites pushing rogue antivirus or other malware. Other times, they lead to phishing sites were the user is prompted to give up their Twitter account information, which can sell for as much as $1,000 in the cyber-underworld.

“What’s significant about the Twitter announcement is that they are announcing that there’s a security problem,” said Paul Judge, chief research officer and vice president at Barracuda Networks, told eWEEK.

Twitter currently uses a mix of algorithms, user reports and systems monitoring to determine if an account has been compromised. Judge, however, said the announcement sounds like Twitter is making a foray into the URL-shortening business, and the microblogging service should focus on leveraging user data effectively to take a more reputation-based approach to security.

For example, in the Barracuda report researchers found that just 27 percent of users have tweeted more than 10 times, and 34 percent have never tweeted since they opened their account. Twenty-six percent of users have at least 10 followers, and 40 percent are following at least 10 people. A drastic deviation from any of these statistics in a short period – such as a formerly dormant account suddenly sending out 40 messages in a day should send up a red flag, Judge said.

“There’s a handful of good people on Twitter that actually use the network, and then there are a lot of malicious accounts and inactive users, and there’s some very basic reputation approaches that can be used to sort out those two types of people,” he said.