Compressed URLs & Twitter
The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at the moment. [Update: there's also an account http://twitter.com/esetpr that PR contacts will find useful: I've only just become aware of it.]
If you use Twitter for this or other purposes, you’re probably aware that the site compresses URLs posted in tweets, usually with bit.ly, as far as I can see. You’re probably well aware that compressed URLs are frequently used by malware authors et al to conceal the true URL. bit.ly addresses this problem by filtering links through Google Safe Browsing, SURBL and SpamCop, which is reassuring, but is unlikely to catch every malicious site. bit.ly also makes available a Preview Plugin for Firefox that allows users to see more information about a site before they click on it. (Apparently Tweetdeck has a similar feature.) However, there’s no plugin for Internet Explorer (or, I presume, Chrome, Safari etc: I haven’t looked).
Personally, I prefer the tinyURL.com approach, which is browser-independent. If you go to tinyURL.com, you can enable a setting that will allow you to preview the real link whenever you click on a tinyURL on that particular machine. Alternatively, the person creating a tinyURL can send a version that begins http://preview.tinyurl.com/…
I started using these a while ago, but got a couple of adverse comments from people who didn’t want to see the redirect. However, thinking about it (and given the increase in malicious compressed URLs) I’ve decided to start doing it again. Not because it will eliminate the problem altogether (I’m sure it won’t!) but because it might at least make people aware that there’s a slightly safer way of doing it without telling them which browser they should be using. If you don’t like the redirect, all you have to do is paste the URL into your browser and delete the "preview." substring that comes after the "http://".
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
4 Responses to “Compressed URLs & Twitter”
Leave a Reply
- David Harley (741)
- Randy Abrams (431)
- Cameron Camp (110)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (31)
- Andrew Lee (15)
- Robert Lipovsky (12)
- Jeff Debrosse (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Aleksandr Matrosov (3)
- Peter Stancik (3)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
RSS
August 28th, 2010 at 1:02 pm
Sigh, I’m just hooked to twitter fans right now. They actually do not do a lot for me personally, yet somehow it just simply delivers me a content sensation inside being aware of that many people are basically, well possibly reading what I write about.
August 30th, 2010 at 5:48 am
@Eldon: whatever floats your boat…
December 9th, 2010 at 8:37 am
You wrote "You’re probably well aware that compressed URLs are frequently used by malware authors".
No. I'm not. I don't even know what a compressed URL is. Instead of assuming a reader is into the same stuff you know about, why not provide a link. I just came to this blog via an email link from ESET about potential security threats on social networking sites.
December 15th, 2010 at 12:04 pm
A compressed URL is one that is shortened using a service such as bit.ly or tinyurl.com. If you type “compressed URL” into the “Blog Search” box on the blog page, you’ll find that we’ve posted several blogs on the topic. Our blogs are intended for a range of audiences: some blogs are intended for people who aren’t particularly technically oriented, some are pretty technical, and some are somewhere in between. We don’t intend to exclude anyone, but obviously some blogs are more suitable for a technically knowledgeable audience than others.