Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

Tweeting Misleading Applications

Created: 24 Sep 2009 20:48:07 GMT • Updated: 23 Jan 2014 18:32:36 GMT
Ben Nahorney's picture
+2 2 Votes
Login to vote

A lot can be said with 140 characters. It’s just enough to convey a point, but constricting enough to make things concise. No wonder microblogging sites such as Twitter have become so popular.

Unfortunately one of the limitations here is sharing Web pages with long URLs. In order to address this issue, URL-shortening utilities have grown in popularity on the site. Using such tools allows you to include a link well within the 140-character limit, which will redirect anyone who clicks it to the longer URL and thus the site you wanted to share.

There’s one downside here, from a security point of view—you’ll often have no idea where the link leads until you click it. Clicking any link like this is entirely a security leap of faith. Unfortunately malware authors have caught on to this and are currently distributing misleading applications using these shortened URLs. Using enticing tweets and commonly used twitter search terms, their goal is to get other users to click on their links, leading to malicious code.

The following video shows one of these malicious tweets in action:

Now, neither Twitter nor the URL shorting services are at fault here. This is simply another case where malicious attackers are using a neutral technology as a means to their deceptive ends. Both Twitter and the URL-shortening services are convenient technologies that we don’t see going away any time soon.

So how do you protect yourself? The good news is that both Firefox and Internet Explorer offer browser plug-ins that will check a shortened URL for you and show you the final URL before you even click on it. While this won’t tell you for sure if the link is malicious, it will at least allow you to look more carefully before clicking.

While the misleading applications currently being served up in this manner all seem look very similar today, we’re likely to see more variety in the future. If you’re running Symantec antivirus software, there’s no need to worry. The current IPS signatures will detect and block these risks from being downloaded onto your computer.