Home Twitter Starts Filtering Malicious URLs

Twitter Starts Filtering Malicious URLs

One of the most popular activities on the microblogging service Twitter is sharing links. However, this activity is also one of the most dangerous, too. Ever since Twitter gained in popularity, hackers and spammers have been using the service to direct traffic to their unsavory websites. For the end user, clicking on those bad links could result in, at best, an annoyance as they’re directed to some spammy website or, at worst, a full-on malware attack on their PC.

Today, it appears that Twitter is starting to do something about the problem. According to security firm f-secure, Twitter is now blocking malicious URLs from being posted to their service.

With the new malicious URL protection built into Twitter, you’re no longer able to posts links to known malicious websites. If you try to do so, you’ll receive a message reading: “Oops! Your tweet contained a URL to a known malware site!”

Since the company has not made any official announcement about the new protection, it’s unknown at this time if Twitter is using a particular service to provide the lookup capabilities for the malicious URL identification or if they are managing this process in-house. If we had to bet, though, we would go with the former. Maintaining a current “block list” for malicious websites would be a major undertaking for the startup. It’s more likely they’ve partnered with a security company of some sort to provide this service or are using a publicly available API, such as Google’s Safe Browsing API, which checks URLs against Google’s blacklist.

The need for this type of protection on Twitter is more than apparent. As of late, the service has been overrun by those wanting to use it for their own nefarious purposes. Besides just getting their links posted to Twitter itself, hackers have managed to get their malware links into Twitter’s trending topics, too. There have also been instances where the Twitter accounts of high-profile users, like Guy Kawasaki for instance, have been hacked and have then been used to push malware links out to their unsuspecting followers.

Good, But Not Good Enough

Unfortunately, there’s a major issue with how Twitter is blocking malicious URLs. They’re not parsing shortened links. Because of Twitter’s 140-character limit, URL-shortening services have become the de facto standard for link sharing on Twitter. This functionality is built into numerous third-party client applications as well as into the Twitter web interface itself. Shortening a malicious link would be by far the easiest way to post a dangerous malware-laden link to Twitter – and likely the method hackers would use anyway. If Twitter does not parse all the shortened links users attempt to post, then they don’t really have a good shot at keeping malware links off their service.

Luckily for Twitter end users, the default URL-shortening service, Bit.ly, began warning users of malware last month. Although it still permits users to shorten and post links to malicious sites using Twitter, anyone clicking on the link will receive a message: “Warning – this site has been flagged and may contain unsolicited content. The content of this web page appears to contain spam, or links to unsolicited or undesired sites.”

Well, at least that’s something.

While we’re glad to see Twitter taking steps to make their service a more secure place for sharing links, we hope they’ll soon start parsing URLs, too. Otherwise, this new protection won’t be that much help in the end.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.