April 6, 2010

Shortened URLs Not So Dangerous After All

Shortened URL links posted to Twitter accounts, long suspected of being used to disguise the identity of malicious websites, are often not as dangerous as many believe, according to the findings of a new study.

Representatives from the Zscaler securities firm studied more than 1.3 million URLs posted at the popular social networking website, both before and after it implemented a new security scanning system to protect users. According to their findings, only 773 of the links (0.06-percent) redirected surfers to harmful websites containing phishing scams or malware.

Pages containing spam were not counted as harmful for the purposes of the study.

On the company's official homepage, Zscaler's senior security researcher Julien Sobrier said, "Twitter, and the URL shorteners it has helped to popularize, have long been blamed for leading users to malicious sites"¦ [but] it is actually much safer to follow links from Twitter that from some search results on Google!"

However, Sobrier warns, "Malicious websites try to hide their malicious content to non-users by checking the user agent or geography and by requiring a real browser which fully understands Javascript, Flash, etc.  An attacker can present harmless content to the Twitter"¦ scanners, but harmful content to a real user."

Zscaler was founded by Jay Chaudhry and K. Kailash in August 2008, and provides an "in-the-cloud" security service against malware. In 2009, they were labeled one of the "10 Start-Ups to Watch in '09" by NetworkWorld, adding that they had done "an excellent job building a scalable infrastructure to support customers without a noticeable performance hit" and that their service was "ideal for customers that have to support mobile users, home PCs or branch offices."


On the Net: