Security company Symantec has found that malware developers are again capitalising on the popularity of micro-blogging site Twitter.
In a statement, Symantec pointed to Twitter's URL-shortening tool, which limits tweets to 140 characters. The security vendor says people using Twitter are increasingly opting for URL-shortening tools in order to share links to stories or Web sites with their network of followers.
The downside is that the user has no way of identifying where the link leads until they click on it. Cyber criminals are distributing misleading applications using these shortened URLs, which results in the user clicking on a link containing malicious code.
Ben Nahorney, Symantec senior information developer, warns: “Malware authors are busy distributing misleading applications using these shortened URLs. Using enticing tweets and commonly used Twitter search terms, their goal is to get other users to click on their links, leading to malicious code.
“With the huge amount of fake celebrity accounts, users often do not know who they are interacting with, making clicking on a URL a huge leap of security faith,” he adds.
Nahorney says Twitter and the URL shortening services are not at fault. “It is simply another case of malicious attackers using a neutral technology as a means to their deceptive ends.
“To combat this it is worth noting that both Firefox and Internet Explorer offer browser plug-ins that will check a shortened URL and show the user the final URL before you even click on it.
“While this won't say for sure if the link is malicious, it will at least allow the user to look more carefully before clicking,” states Nahorney.
Share
