Don't fall for shortened URLs

by CXOtoday Staff    Dec 07, 2010

Twitter has become an up-to-date news source for millions of people because of the speed with which news spreads through the network. While individual users dominate the service, businesses need to continuously educate employees who use Twitter to check that a source is trustworthy, which can be difficult to determine on Twitter.

As with many social networking sites, Twitter is being targeted with malicious activity. Attackers select tweets that contain a popular topic and a shortened URL. The original URL is then replaced with a different shortened URL, pointing to a malicious website.

According to Symantec (NASDAQ:SYMC) Hosted Services research, spam containing shortened URLs hit a one-day peak of 18 percent (or 23.4 billion) of all spam emails in 2010, a significant increase from the year before.

It is still very hard for users to spot the malicious links, because the destination is often a legitimate website that has been compromised and converted to host drive-by download attacks. Keeping your computer and software patched and having security software installed could decrease the chances of falling victim to such drive-by download attacks.

Twitter has done some preliminary work to prevent the attacks. One tactic employed offers users the opportunity to ‘expand’ shortened links to show where a link leads without having to actually click it. However, work is still being done to ensure that all shortened URLs become expandable.