Twitter has added a new service that detects malicious URLs in
an effort to quell the rise in spam and phishing on the
microblogging social network.
The new security feature ultimately will scan all URLs before
they hit the Twitter feed, but initially is only doing so for URLs
sent via Twitter direct messages [DMs] and email notifications
about DMs. Twitter is using its own URL shortener for these links:
"For the most part, you will not notice this feature because it
works behind the scenes but you may notice links shortened to
twt.tl in Direct Messages and email notifications," said Del
Harvey, Twitter's director of trust and safety, in a recent blog
post.
Twitter's security feature comes amid new data revealing the
level of abuse on the social network: One in eight Twitter accounts
last year was malicious, suspicious, or suspended, according to a
report issued more recently by Barracuda Networks. The surge in
celebrities joining Twitter in 2009 resulted in a major jump in
spam, phishing, and other abuse on the site, according to the
report.
And those numbers have remained steady to date. "We are still
seeing Twitter identify 3 to 4 percent of Twitter accounts as
malicious. And, meanwhile, 9 to 10 percent of accounts on Twitter
are actively engaging in malicious activity," says Paul Judge,
chief research officer at Barracuda.
Twitter's abuse rate increased 66 percent during what Barracuda
calls the "Twitter Red Carpet Era," the period during November 2008
to April 2009 when a wave of celebrities joined the social
network.
Chet Wisniewski, senior security adviser at Sophos, says
Twitter's move to defend against attacks on its users is good news,
although the announcement doesn't provide much detail on how the
service works. "I did some testing, and it appears they are only
converting links to their shortener, http://twt.tl, for email
notifications of direct messages at this time," Wisniewski says.
"Hopefully we will see Twitter partner with more security
organizations to help stop spam, viruses, and other scams as
well."
As of this posting, Twitter had not responded to a request for
an interview.
Barracuda's Judge says protecting Twitter DMs is a good start,
but that's not where the majority of malicious links are conducted
on Twitter. "We've seen the majority of activity in the public time
line, with attackers trying to take advantage of popular trending
topics," Judge says. "At least Twitter is acknowledging the
[malicious URL] problem."
Judge says it's unclear why Twitter needs a URL shortener to
safeguard URLs. "I almost wonder if they wanted to have a URL
shortener and are using security as a reason [to launch it]," he
says.
Twitter should be conducting more analysis of links being
distributed around its platform, and using reputation-based
monitoring to catch illegitimate accounts and malicious activity,
Judge says.
So far Twitter has mainly been hit by spam and phishing attacks,
as well as hacked individual accounts. But a researcher at RSA
Conference 2010 recently demonstrated a tool that impersonates
a Twitter user's account in order to execute automated targeted
attacks on the person's followers.
Pedro Varangot, a security researcher with Core Security Labs,
says his team wrote the tool as a way to demonstrate and test for
how social networks can be used for spear phishing.
Meanwhile, Twitter's Harvey said in his post that previously,
his team was only able to detect phishing scams after the links had
been sent. He called the new service "a major blow against
phishing" and said that even if a malicious link is sent via an
email notification and the recipient clicks on it, Twitter will "be
able to keep that user safe."