Shortened URL Security Threat on Twitter Overblown?

URL-shortening sites are often criticized as an easy way to snare unsuspecting users into clicking malicious links, but a new report says it's not that common.

Concern over the danger of shortened URLs may be overblown, according to a report released Wednesday by a researcher with security firm Zscaler.

Zscaler made the announcement in the wake of news from Twitter, which recently said it has implemented a new security system to scan all URLs posted in tweets to protect users from malicious sites. Popular URL-shortening site bit.ly made a similar move in November. But the security may not be as necessary as previously thought. While Twitter and the shortened URLs used in tweets are often blamed for leading users to malicious sites (CSO wrote about their dangers in 3 Ways Twitter Security Falls Short), Zscaler's Julien Sobrier found otherwise.

Sobrier investigated Twitter links both before and after the new security scan system was introduced. The researcher retrieved more than 1 million URLs from the public timeline over what he termed "a couple of weeks" before any protections were put in place. Links were run through the Zscaler infrastructure to find out which of them led to malicious sites. The experiment looked only for malicious sites such as phishing sites, malware, etc., and did not include spam.

Results reveal that only 773 links led to malicious content, a mere 0.06 percent, according to Sobrier. Bit.ly represents 40 percent of all links, and roughly the same proportion of malicious links, according to Sobrier. Another shortening site, TinyUrl, represents only 5 percent of all URLs and 6 percent of all malicious sites.

"It does not look like bit.ly's phishing and malware protection is making it any safer than other URL shorteners," Sobrier said in a blog posting on the research.

Sobrier goes on to say the key to protecting end users is real-time scanning of both the URL and the content.

"Twitter and bit.ly can only scan the links periodically," he states. "Malicious websites try to hide their malicious content to non-users by checking the user agent or geography and by requiring a real browser which fully understands JavaScript, Flash, etc. An attacker can present harmless content to the Twitter or bit.ly scanners, but harmful content to a real user."
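
A scanning service can test for the divergence Sobrier describes by fetching each link under more than one client profile and comparing what comes back. The sketch below is an added example, not code from Zscaler, Twitter or bit.ly; the observation records, profile names, hosts and the `find_divergent_links` helper are all constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed observations (not real data): the same short link fetched with
# different client profiles. All hosts and bodies are made up.
OBSERVATIONS = [
    {"short": "http://short.example/a1", "profile": "scanner",
     "final_url": "http://news.example/story", "body": "<html><p>Story</p></html>"},
    {"short": "http://short.example/a1", "profile": "browser",
     "final_url": "http://news.example/story", "body": "<html> <p>Story</p> </html>"},
    {"short": "http://short.example/b2", "profile": "scanner",
     "final_url": "http://blog.example/post", "body": "<html><p>Hello</p></html>"},
    {"short": "http://short.example/b2", "profile": "browser",
     "final_url": "http://landing.example/update",
     "body": "<html><script src='http://cdn.example/x.js'></script></html>"},
]

# Hosts that a page pulls active content from (script and iframe sources).
SRC_RE = re.compile(r"""<(?:script|iframe)[^>]*\ssrc=['"]([^'"]+)['"]""", re.I)

def fingerprint(obs):
    """Reduce one fetch to features that should not depend on who is asking."""
    body = re.sub(r"\s+", "", obs["body"])  # ignore whitespace-only differences
    return {
        "host": urlsplit(obs["final_url"]).hostname,
        "body_hash": hashlib.sha256(body.encode()).hexdigest(),
        "active_hosts": frozenset(urlsplit(s).hostname
                                  for s in SRC_RE.findall(obs["body"])),
    }

def find_divergent_links(observations, baseline="scanner"):
    """Return {short_url: [feature names that differ from the baseline profile]}."""
    by_link = {}
    for obs in observations:
        by_link.setdefault(obs["short"], {})[obs["profile"]] = fingerprint(obs)
    flagged = {}
    for short, profiles in by_link.items():
        base = profiles.get(baseline)
        if base is None:
            continue  # nothing to compare against for this link
        diffs = sorted({k for p, fp in profiles.items() if p != baseline
                        for k in fp if fp[k] != base[k]})
        if diffs:
            flagged[short] = diffs
    return flagged
```

On legitimately dynamic pages the body hash alone will differ between fetches, so a change in final host or in the hosts serving active content is the stronger signal.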