Shortened links may not be as malicious as thought

Apr 05, 2010 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- Link-shortening services such as TinyURL seem ideal for criminals because they can disguise the names of malicious sites. Yet on Twitter - one of the most popular places for them - they may not be nearly as malicious as many industry experts fear, according to new security research.

Zscaler Inc., a company that sells security services, studied 1.3 million shortened links taken from Twitter over two weeks, before Twitter began in early March to examine such links for malicious content. Just 773 of those links - a mere 0.06 percent - led to malicious content.

Link-shortening services convert long Web addresses into shorter ones. They have become more popular as people spend more time on social-networking sites and share with their friends links to photos, news articles and other tidbits. They are especially important on Twitter, which restricts its posts to 140 characters.

Criminals can use them to trick people into visiting malicious sites because the links carry the names of the shortening services, such as Bit.ly or TinyURL, rather than the actual addresses of the sites.

Julien Sobrier, senior security researcher with Zscaler, said users seem to be paying more attention to such links because they know they are being taken elsewhere.

"Twitter's shortened URLs (links) aren't trusted by users," he said. "You know the link you're seeing is not where you'll actually go."

And if users are going to be suspicious, criminals have less incentive to use them.

Sobrier said the study shows that other sites, such as search engines, are more trusted because they're considered more sophisticated at filtering the content they present. So are better off manipulating search results to push their malicious links to the top of the rankings, he said.

It's hard to get a sense of how many of the links overall on Twitter are harmful, and how many are ultimately blocked by Twitter and the link-shortening services.

Twitter and TinyURL representatives did not respond to messages for comment. Bit.ly would say only that the rate of malicious links Zscaler found is in line with Bit.ly's own statistics.

Still, harmful content abounds from shortened links. Another research firm, ESET LLC, said last week that it found more than 1,000 malicious shortened links on that tried to infect people's computers as they looked for information on the Moscow subway bombings.

Explore further: Digital dilemma: How will US respond to Sony hack?

More information: http://research.zscaler.com/2010/03/analysis-of-more-than-1-million-of.html

4 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

As Web communication shrinks, so do links

May 31, 2009

(AP) -- On the short-messaging service Twitter, space is at a premium: You've got 140 characters to make your point, and you probably don't want to waste half of it on a super-sized link to your latest YouTube obsession.

Short Web address sites form link archiving group

Aug 17, 2009

(AP) -- The growing popularity of Web-address shortening services like bit.ly creates the potential for a bevy of broken links should one of the providers suddenly cease operations.

Recommended for you

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

UN General Assembly OKs digital privacy resolution

Dec 18, 2014

The U.N. General Assembly has approved a resolution demanding better digital privacy protections for people around the world, another response to Edward Snowden's revelations about U.S. government spying.

Online privacy to remain thorny issue: survey

Dec 18, 2014

Online privacy will remain a thorny issue over the next decade, without a widely accepted system that balances user rights and personal data collection, a survey of experts showed Thursday.

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.