Posted by: Robert Westervelt
malicious URLs, shortened URLs
Symantec video highlights shortened URL problems on Twitter.
Back in June, I wrote about URL shortening services and how they could contribute to sending the Internet out of control. In short, Cligs, the fourth used URL shortening service, suffered an attack at the time that edited most URLs on Cligs to point to a new location. According to Cligs, 2.2 million URLs were affected. The error was nearly unavoidable by users. Even links from trusted sources were redirected to a new location.
Symantec posted a blog entry and a video Thursday showing how shortened URLs are spreading rogue antivirus and ultimately malware onto victim’s machines. “Clicking any link like this is entirely a security leap of faith, said Symantec’s Ben Nahorney.
The simple answer is to not click on shortened URLs or users should instead download the browser add-ons for FireFox and Internet Explorer that preview the URL. Those behind Twitter have not yet stepped up to address the issue. It could be addressed by developing a tool within Twitter that masks a long URL and doesn’t count toward the 140 character limit. Perhaps the URL should be treated as an attachment within a Tweet. Once the attachment is opened revealing the link, a user can examine the link for authenticity.