Malicious Tweets Not So Common

While there are plenty of warnings to users of the popular Twitter service to take care in following links, the dangerous reputation of the social network is somewhat undeserved, finds one researcher.

In a study of 1.3 million URLs culled from the public feed of Twitter updates, security researcher Julien Sobrier of Zscaler finds that only 0.06 percent of all URLs led to a malicious site. The majority of those 773 bad links — 92 percent — led to a site that attempted to install malicious code, while about 5 percent sent the user to a phishing site that attempted to convince the victim to give up sensitive log-in information.Overall, the researcher argues that many searches on Google return a far higher percentage of links to bad sites.

Bit.ly's filtering has not made the service safer than the average URL shortener, while MediaFire hosts a disproportionate number of bad links. (Source: Zscaler)

Moreover, while shortened URLs do not imply a destination, online criminals can create an official sounding domain to list in Google search results, says Sobrier.

“When you look at a Google search result, you might see something that looks like a good search URL, but when you click on it, you go to a completely different URL,” he says. “But when you see a Bit.ly URL, you know that is not your final destination.”

The data also suggests that Bit.ly and Twitter’s periodic scanning of URLs does not work to cull bad links. Bit.ly accounts for roughly the same percentage — about 40 percent — of bad URLs as it does overall links, according to Sobrier’s research, suggesting that it’s scanning of links has not minimized malicious attacks.