URL shorteners may be handy for your tweets on Twitter. But they're also known security holes since they don't display the actual address of your destination. A free tool from security vendor AVG may provide a solution.
AVG has updated its free LinkScanner tool to detect malicious pages hiding behind shortened URLs. The company said the tool checks the actual destination of each URL link to make sure the page is legitimate.
More than a dozen URL-shortening services abound on the Net, including TinyURL and Bitly. With its 140-character limit, Twitter automatically shortens URLs in each tweet via Bitly. Other services like WordPress also include a built-in URL shortener.
But Web browsers don't display the true address of a shortened URL, so you have no idea whether or not the destination page is safe. Hackers have easily been able to use the obscure nature of shortened URLs to conceal hazardous Web pages behind them.
"The problem with shortened links is that they usually don't bear any resemblance to the original URLs, which means that users don't always know what they're clicking," said Roger Thompson, chief research officer at AVG Technologies. "People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits, and other malware instead."
AVG, formerly known as Grisoft, bought LinkScanner in late 2007 as part of a larger acquisition. The tool has already proven helpful to Web surfers by analyzing Web pages behind each link that is either clicked on or typed into the browser.
Other solutions do exist to reveal the truth behind a short URL. The Web site LongURL can display the long version of a short URL. A plug-in called LongURL Mobile Expander can also translate from short to long.
But according to AVG, LinkScanner is now the only security tool on the market that can find poisoned Web pages behind a short URL. The company says it does not rely on blacklists and instead checks each link in real time.