Softpedia
 


August 4th, 2009, 10:40 GMT · By

Malicious URL Filtering on Twitter

[Image: Twitter uses Google Safe Browsing API to filter out malicious URLs]

Twitter has started tapping into Google's Safe Browsing API in order to detect and block URLs pointing to malicious websites. Security experts applaud the initiative, even though the new feature is still buggy and can be easily bypassed.

It looks like the flood of security threats that Twitter users have faced this year has prompted the administration of the micro-blogging platform to take a more proactive approach to security. F-Secure's Chief Research Officer, Mikko Hypponen, broke the news yesterday that the website had started filtering malicious URLs.

A screenshot of the feature in action reveals that, if someone tries to post a link pointing to a malicious Web address, Twitter returns an error, which reads, "Oops! Your tweet contained a URL to a known malware site!" and deletes the offending tweet.

[Image: Twitter's new URL filter in action]

Costin Raiu, chief security expert at antivirus vendor Kaspersky, suggests that Twitter is using the Google Safe Browsing API in order to determine the nature of URLs. "Surely, it won't catch everything but definitively a step forward, nice," he tweets. Mikko Hypponen later confirmed that Google's blacklist is being used.

The implementation still has some serious imperfections, one of which is the inability to verify links generated with popular URL shorteners. This is a significant problem because, given the 140-character restriction, URL shortening is the most widely used method of posting links on Twitter.

Another issue seems to be that detection can be bypassed by stripping the www from a malicious URL or leaving it with http:// only. Nevertheless, several security experts have applauded the initiative and are sure that the service will be tweaked in time. Some of them have recommended a similar approach for other social-networking websites.
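As an added illustration (not code from Twitter, Google or this article), the Python below shows how a filter can close both gaps described above: URLs are reduced to a scheme-free, `www`-insensitive key before the blacklist comparison, and every hop of a shortener's redirect chain is checked. The function names, the `.test` hosts, the blacklist format and the redirect table standing in for a real HTTP lookup are all assumptions made for the example.

```python
from urllib.parse import urlsplit

MAX_HOPS = 5  # assumed cap on how many redirects are followed per link

def match_key(url):
    """Comparison key: scheme dropped, host lower-cased, leading 'www.' removed."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url              # so a bare "host/path" parses as a host
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host + (parts.path or "/")

def is_listed(url, blocklist):
    """Entries ending in '/' cover everything beneath them; others match exactly."""
    key = match_key(url)
    for entry in map(match_key, blocklist):
        if key == entry or (entry.endswith("/") and key.startswith(entry)):
            return True
    return False

def check_link(url, blocklist, resolve):
    """Check every hop of a redirect chain: 'blocked', 'clean' or 'unresolved'."""
    seen = set()
    for _ in range(MAX_HOPS + 1):
        if is_listed(url, blocklist):
            return "blocked"
        key = match_key(url)
        if key in seen:                    # redirect loop: treat as not verified
            return "unresolved"
        seen.add(key)
        target = resolve(url)              # next hop, or None at the final URL
        if target is None:
            return "clean"
        url = target
    return "unresolved"                    # chain longer than MAX_HOPS

# Constructed sample data (reserved .test names, not real sites).
BLOCKLIST = ["http://www.malware.test/", "http://files.test/drop/"]
REDIRECTS = {"short.test/abc": "http://malware.test/video.html",
             "short.test/loop": "http://short.test/loop"}

def demo_resolve(url):
    """Stand-in for an HTTP request that reads the shortener's Location header."""
    return REDIRECTS.get(match_key(url))

if __name__ == "__main__":
    for link in ["malware.test/", "http://short.test/abc", "http://example.test/"]:
        print(link, "->", check_link(link, BLOCKLIST, demo_resolve))
```

A link that comes back "unresolved" has not been verified, so a filter built this way should hold or reject it rather than post it.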

This new feature might be Twitter's response to Koobface, an infamous social networking worm that started targeting its users at the beginning of July. The worm works by hijacking Twitter accounts from infected computers, and then using them to post malicious URLs that masquerade as links to videos.

Maybe, in time, Twitter will decide to tap into other blacklists as well, such as the list of phishing URLs maintained at PhishTank. This service, which is operated by OpenDNS, also offers a free API for developers.
