• On GameFAQs: The top 100 most popular games!
October 29, 2009 9:59 AM PDT

Kaspersky tool detects malware in Twitter links

by Elinor Mills
  • Font size
  • Print
  • 6 comments

Kaspersky unveiled a new tool on Thursday called "Krab Krawler" that analyzes the millions of tweets posted on Twitter every day and blocks any malware associated with them.

The tool looks at every public post as it appears on Twitter, extracts any URLs in them and analyzes the Web page they lead to, expanding any URLS that have been shortened, Costin Raiu, a senior malware analyst at Kaspersky, said in an interview.

The company is scanning nearly 500,000 new unique URLs that appear in Twitter posts daily, he said. Of those, anywhere between 100 and 1,000 are malware attacks. Twitter has also been targeted by the Koobface virus which posts malicious links from infected users' accounts.

About 26 percent of the total posts contain URLs, and many of those lead to spam sites that are marketing products or services and aren't considered malware, according to Raiu. Tens of thousands of different accounts are posting spam links, most likely from accounts created by bots, he said. The most frequent URLs posted lead to online dating sites, he added.

Twitter has its own filtering system, but some malicious links still manage to get through, Raiu said.

While Kaspersky's regular antivirus software may detect and block 95 percent of the malware Twitter users are threatened with, malware code changes frequently to evade filters and it could take between two and 12 hours for new stuff to be classified as malicious and detected, he said.

While antivirus companies have traditionally focused on protecting e-mail-borne viruses, they are increasingly turning their attention to social-media sites as attackers do.

Trend Micro has technology that monitors Twitter posts for malicious URLs, as well as looks for attack patterns in the posts, such as use of popular terms to indirectly lead people to malicious links, said Morton Swimmer, a senior threat researcher at Trend Micro.

Meanwhile, Finjan offers a free browser plug-in dubbed SecureTweets that warns users when they encounter a malicious URL in Twitter, as well as Gmail, Blogger, MSN, MySpace, Google search, Yahoo, and other sites.

Social-media sites are popular for attackers not only because people are flocking to them, but also because users seem to trust messages that appear to come from friends on those sites more than they trust e-mails, Raiu said.

"People are worried about unsolicited e-mail, so they are careful not to run the programs they get by e-mail, but they aren't prepared to deal with these kinds of new attacks," he said.

The most common piece of malware associated with Twitter links is Trojan-Clicker.HTMLIFrame, a malicious JavaScript that can get downloaded to a computer when it visits a compromised Web site.

(Credit: Kaspersky)

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Recent posts from InSecurity Complex
Microsoft warns of IE exploit code in the wild
Chrome OS security: 'Sandboxing' and auto updates
Cisco launches iPhone security app
Fortified rice, fuel cells among Tech Award winners
T-Mobile UK says workers sold customer data
FAQ: Recognizing phishing e-mails
Report: Countries prepping for cyberwar
Antitrust concerns linger in Google Books deal
Add a Comment (Log in or register) (6 Comments)
  • prev
  • 1
  • next
by nrg.dude October 29, 2009 11:23 AM PDT
Now if the Kaspersky tool would just go ahead and flag all the SPAM tweets as "@SPAM" we could filter them out and life would be good.
Reply to this comment
by solitare_pax October 29, 2009 11:59 AM PDT
Wouldn't that just wipe out all the Tweets on Twitter though?
by codynews October 29, 2009 12:22 PM PDT
I don't use twitter because it's stupid, but if I did, and I was following what my friends were up to, *** would I have to be worried about? I don't think my friends are going to send me some dating site spam.

Or do people follow "bots" that send spam?

Meh, maybe I'm missing something. Personally I think everyone that uses twitter is a damn idiot.
Reply to this comment
by zeroplane October 29, 2009 12:25 PM PDT
Ditto.. I have this great way to prevent using Twitter malware.. don't user twitter..

There all fixed.
Reply to this comment
by BtmnHatesRbn October 29, 2009 8:09 PM PDT
This is a terrible idea and practice. Soon, sites that aren't even harmful, just offended one Marxo-Leftist, will be blocked and prevented from being seen. Having used Twitter for what, two? Two and half years? I haven't had one iota of a problem with "spam" or "malware". So, get real!
Reply to this comment
by Darren Dheilly November 3, 2009 8:57 AM PST
Get Real ? ... 2 1/2 Years Living on Twitter drop your Turban aget an Iota of real Life Man !
(6 Comments)
  • prev
  • 1
  • next
advertisement

The browser battles go on and on

roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.

3G wireless still holds promise

The next generation of 4G wireless may get all the headlines, but advanced 3G technology will likely dominate services for the next few years.

About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.

Add this feed to your online news reader

InSecurity Complex topics

advertisement
advertisement
Click Here

Inside CNET News

Scroll Left Scroll Right