In a statement sent to GMANews.TV, security software maker Symantec cautioned the public against shortened URLs circulating on Twitter that link to malicious sites.
It is still very hard for users to spot the malicious links, as it is often a legitimate website that has been compromised and converted to host drive-by download attacks. Using Twitter's inbuilt http://t.co/ web shortener, the expand button (shown above) and updated security software may help. GMANews.TV "(Attackers) simply check the Twitter home page for trendy topics, which reveals messages that have been reposted several times already. The attacker selects one of these tweets containing a shortened URL, which is replaced with a different shortened URL, pointing to a malicious website," Symantec said. It is difficult for users to spot the malicious links, as these often lead to a legitimate website that has been compromised and converted to host drive-by download attacks. "Since the text in the messages is identical, the user cannot tell that the new shortened URL leads to a malicious website, rather than the original story. Therefore, some people will inevitably follow it wherever it may lead," the company explained. Symantec has advised Twitter users to install browser extensions that reveal the final destination of shortened URLs, as well as to have updated security software. Twitter administrators are already well aware of the problem, according to Symantec, and recommend using the social network's inbuilt t.co (
http://t.co/) URL shortener to maintain links within the ecosystem. Twitter is also working on the "expand" button, which will allow users to expand the shortened links when looking at search results so that users can be sure where the link leads. Twitter is reportedly working to make sure that the button works even when a link has been processed through several URL shortening services.
- GMANews.TV 
GMA Brandtalk
Tracking
Archives
