Kaspersky’s Analysis Finds Malicious Code within Twitter Links

Security investigators at Kaspersky Labs, after deploying an application for analyzing URLs that move within tweets, have found that a large number of web-addresses, at the rate of one in 500, that are posted on Twitter take users onto malware hosting sites.

Reportedly, malware spreads with the help of shortened URLs, popularly used on Twitter that conceal the actual web-address users intend to click, with the result that links are not filtered even if they are bogus.

States Kaspersky that it has devised an application named Krab Krawler that pulls out URLs from several million tweets daily. This application enlarges condensed URLs so that words within them can be assessed for that matching popular malware websites. However, for new websites, Kaspersky visits webpage and finds out whether they are hosting malicious software which could infect visitors.

In the meantime, approximately 26% of tweets carry at least one URL, said Kaspersky's Chief Security Expert Costin Raiu. WIRED reported this on October 29, 2009.

Raiu further said that nearly half of the URL-embedded tweets seem to be generated by spammers or people intending to do malicious activities. He added that these URLs spread faster through re-tweets.

Apart from this, several thousands of accounts, possibly those created through bots, are posting malicious links, with the most common links connecting to dating websites, stated Kaspersky.

Although Twitter has an internal system for filtering malicious links, still some of them manage to pass unnoticed, the company said.

Likewise Kaspersky said that however its own anti-virus software could intercept and stop 95% of all malicious codes that threaten Twitter users, but these codes often change form to dodge filters, and nearly 2-12 hours could get spent in detecting and classifying new stuff as malware.

Thus, while AV firms have conventionally concentrated on defending users against virus-laced e-mails, they are now focusing more and more on social-media websites that are being increasingly targeted by the attackers.

Moreover, attackers popularly target social-media websites not just for the reason that they receive huge user traffic, but also for the reason that users normally rely more on messages from friends on these websites than they rely on ordinary e-mails, investigators stated.

Related article: Kaspersky Released Malware Statistics for September 2008

» SPAMfighter News - 11/10/2009