Security Bytes

Apr 1 2010   1:41PM GMT

Most short links on Twitter safe, researcher finds


Less than 1% of shortened URLS on Twitter are malicious.

Security researchers at Zscaler Inc. scanned 1.3 million shortened URLs posted on Twitter, and discovered that less than 1% (773) of those links led to malicious pages.

The security firm’s analysis was conducted before Twitter’s Trust and Safety team launched a new service to protect their users from phishing tactics and other “deceitful attacks.” The service scans all URLs posted in tweets, searching for malicious content.

In a blog post, Zscaler’s Julien Sobrier wrote that 92% of the 773 malicious links led victims to sites serving up malware, and 5% led Twitter users to phishing sites. Popular URL shortening service, holds the dubious distinction of hosting the most malicious URLs. The URL shortener accounted for 40% of the potentially dangerous links posted via tweets on Twitter.

It does not look like’s phishing and malware protection is making it any safer than other URL shorteners.

In the past Twitter has been scrutinized for being a tool for phishers and cybercriminals attempting to lead users to malicious websites. However, Zscaler’s research proves the contrary. In fact clicking on a URL through Google is more likely to direct users to a malicious site, Sobrier said. Zscaler’s scan only searched for phishing sites, malware, anonymizers and exploits, but did not conduct a search for spam.

Twitter’s Trust and Safety team says they will be able to “detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we’ll be able keep that user safe. “

Sobrier said the only way to protect end usrs is through real-time scanning of both URLs and content.

Twitter and can only scan the links periodically. Malicious websites try to hide their malicious content to non-users by checking the user agent or geography and by requiring a real browser which fully understands Javascript, Flash, etc. An attacker can present harmless content to the Twitter or scanners, but harmful content to a real user.

-Matthew DeBarros

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: