Twitter Tries Out Message Filtering Technology
The development team behind Twitter is focusing on much more than just getting the popular micro-blogging site to look better by throwing a fresh coat of paint on its front page. Twitter is also focusing on the issue of security, because it gets hit with so many attacks that personally I grew tired of reporting them. But news of Twitter being hit with a new worm or a new spam campaign may soon become a thing of the past as the micro-blogging site is testing a means of filtering out messages that contain links to malware spreading sites.
The concept is quite simple: if a user posts a message and links to a malicious site, that message is filtered out. This way the security of all Twitter users is protected. The message linking to the known malware spreading site is not displayed; instead the Twitter user is presented with this message: “Oops! Your tweet contained a URL to a known malware site.”
According to F-Secure, Finland-based company that specializes in developing antivirus and computer security software, Twitter has started to test this new filtering option, just as the company suggested.
“As Twitter has been getting more and more popular, it is increasingly targeted by worms, spam and account hijacking. We've recommended Twitter to start filtering traffic to fight this. They can easily do it, as all the messages go through them. Twitter hasn't announced this, but we just noticed that they have now started filtering Tweets that contain links to known malware sites,” explained Chief Research Officer with F-Secure, Mikko H. Hyppönen.
The malware filtering option provides limited functionality for the time being – a clear indication that Twitter is still fine tuning it. For example, if you use the bit.ly URL shortening service to post a link to a malware spreading site, the filter jumps into action. But when you use TinyURL, nothing happens. This may be explained by the fact that bit.ly checks URLs against Stopbadware.org’s list of known malware sites, but TinyURL does not.
Other tests have shown that posting a full link to a malware site will trigger the filter, but when the “http://” or the “www” part is dropped, the filter fails to detect the malicious link. Still, it is a good indication that Twitter is heading in the right direction, security-wise.
The concept is quite simple: if a user posts a message and links to a malicious site, that message is filtered out. This way the security of all Twitter users is protected. The message linking to the known malware spreading site is not displayed; instead the Twitter user is presented with this message: “Oops! Your tweet contained a URL to a known malware site.”
According to F-Secure, Finland-based company that specializes in developing antivirus and computer security software, Twitter has started to test this new filtering option, just as the company suggested.
“As Twitter has been getting more and more popular, it is increasingly targeted by worms, spam and account hijacking. We've recommended Twitter to start filtering traffic to fight this. They can easily do it, as all the messages go through them. Twitter hasn't announced this, but we just noticed that they have now started filtering Tweets that contain links to known malware sites,” explained Chief Research Officer with F-Secure, Mikko H. Hyppönen.
The malware filtering option provides limited functionality for the time being – a clear indication that Twitter is still fine tuning it. For example, if you use the bit.ly URL shortening service to post a link to a malware spreading site, the filter jumps into action. But when you use TinyURL, nothing happens. This may be explained by the fact that bit.ly checks URLs against Stopbadware.org’s list of known malware sites, but TinyURL does not.
Other tests have shown that posting a full link to a malware site will trigger the filter, but when the “http://” or the “www” part is dropped, the filter fails to detect the malicious link. Still, it is a good indication that Twitter is heading in the right direction, security-wise.
