Report: Shortened URLs A Threat to Tweeters

The same features that make Twitter a go-to site for Web users, quick links and quick news, are also the most dangerous, say security experts at Symantec. The IT services firm has released a new security alert for the site, warning users to be on the lookout for shortened URLs that link to malicious sites.


In this latest attack, hackers look to the Trending Topics on the site’s home page to find and select tweets that contain a popular topic and a shortened URL. The original URL is then replaced with a different shortened URL, this one taking users to a malicious Web site.

Symantec security expert Candid Wueest issued the warning in a blog post on the Mountain View, Calif.-based company’s Web site.

“Since the text in the messages is identical, the user cannot tell that new shortened URL leads to a malicious website, rather than the original story,” said Wueest. “Therefore some people will inevitably follow it wherever it may lead.”

The news marks the second time in just one week that Twitter users have been warned about attackers using the site’s Trending Topics feature to launch attacks. Our sister site, AllTwitter, reported on the recent security breach in which hackers used holiday-themed trending topics, such as “Hannukah” and “Grinch,” to spread their malware.

In the case of shortened URLs, Twitter users should install browser extensions that reveal the final destination of shortened URLs, and make sure they have the most up-to-date security software in order to protect themselves, the company advised.

Twitter administrators have told Symantec they are aware of the problem and recommend using the social network’s t.co (http://t.co/) URL shortener to maintain links within the ecosystem.

Twitter is also said to be working on the development of an “expand” button that would allow users to expand the shortened links when looking at search results in order to verify where the link leads. One necessity Twitter has said will be included in that function is to make sure the button works even when a link has been processed through several URL shortening services.

Research from Symantec found that spam containing shortened URLs hit a one-day peak of 23.4 billion or 18% of all spam e-mails in 2010, an increase from just 9% in 2009.

Twitter has been forced to deal with its share of privacy breaches this year, including the Twitter worm that was a result of flawed scripting on the site that allowed hackers to hijack hundreds of Twitter feeds in a matter of hours.

The site, along with fellow social networking giant Facebook, also received an “F” for protecting users’ privacy in the “Online Services Security Report Card” released last month by Digital Society.