Twitter warms up malware filter

Twitter's new malware filter is a sign the social media site is stepping up efforts to stem attacks, but the measure has its shortcomings, say security experts.

Twitter's filtering mechanism was highlighted by Mikko Hypponen, chief research officer of F-Secure, in a blog post Monday. When a user tries to submit a tweet with a suspect Web link, the following warning appears:

"Oops! Your tweet contained a URL to a known malware site!"

Twitter's latest security measure was a positive one, especially in light of the current threats directed at the site, Hypponen told ZDNet Asia in an e-mail interview. The site, he noted, has been "attacked in many ways" including spam, worms such as Mikeyy, and phishing, he noted.

"None of these problems are at epidemic levels yet, but it's great to see Twitter take real action on this," he said.

Hacking is another challenge the popular microblogging site faces. In May, Twitter confirmed its network was hacked and some individual account information were leaked.

Dancho Danchev, independent security consultant and cyber threats analyst, noted that the site's latest security move was an indication "Twitter is finally moving from reactive to proactive security practices." However, he pointed out in a blog post on ZDNet Asia's sister site ZDNet.com, that the malware filter was "clearly still in development" and showed "disappointing results."

Danchev pointed to how a MySpace phishing page used in a tweet triggered the security filter, but was eventually accepted by adding a "http://" or removing the "www".

He noted that the site also allowed tweets containing links to several known malicious sites listed in Stopbadware's database, which has identified over 380,000 sites identified as unsafe. While it would not prevent the abuse of Twitter in the longer term, the failure to integrate such databases listing known malware was a "missed opportunity", Danchev said.

Twitter did not respond to e-mail queries from ZDNet Asia at press time.

Vivian Yeo of ZDNet Asia reported from Singapore.

[ErrantVenture]

If twitter's malware filter simply checks links against a list of sites known to proliferate malware, won't spammers just get around it by posting links that redirect to their malware sites? Seems like a very simple and easy to outwit security system

[woganmay]

All the filter has to do then is follow the redirects until it reaches the final landing page. So running your links through is.gd or even your own redirect service shouldn't stop it.

Of course, it helps if you're actually using a large database of malware sites, lol.

[ca5ter]

I'm so sick of hearing about Twitter, seriously, you so called reports need to start looking for new topics.

[Harrison912]

I use Twitter mainly to socially market my safety and security web site so I'm glad to hear they're taking care of this. Thanks, Vivian.