Compressed URLs & Twitter

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at the moment. [Update: there’s also an account http://twitter.com/esetpr that PR contacts will find useful: I’ve only just become aware of it.]

If you use Twitter for this or other purposes, you’re probably aware that the site compresses URLs posted in tweets, usually with bit.ly, as far as I can see. You’re probably well aware that compressed URLs are frequently used by malware authors et al to conceal the true URL. bit.ly addresses this problem by filtering links through Google Safe Browsing, SURBL and SpamCop, which is reassuring, but is unlikely to catch every malicious site. bit.ly also makes available a Preview Plugin for Firefox that allows users to see more information about a site before they click on it. (Apparently Tweetdeck has a similar feature.) However, there’s no plugin for Internet Explorer (or, I presume, Chrome, Safari etc: I haven’t looked).

Personally, I prefer the tinyURL.com approach, which is browser-independent. If you go to tinyURL.com, you can enable a setting that will allow you to preview the real link whenever you click on a tinyURL on that particular machine. Alternatively, the person creating a tinyURL can send a version that begins http://preview.tinyurl.com/

I started using these a while ago, but got a couple of adverse comments from people who didn’t want to see the redirect. However, thinking about it (and given the increase in malicious compressed URLs) I’ve decided to start doing it again. Not because it will eliminate the problem altogether (I’m sure it won’t!) but because it might  at least make people aware that there’s a slightly safer way of doing it without telling them which browser they should be using. If you don’t like the redirect, all you have to do is paste the URL into your browser and delete the "preview." substring that comes after the "http://".

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Author David Harley, ESET

  • Eldon Santos

    Sigh, I’m just hooked to twitter fans right now. They actually do not do a lot for me personally, yet somehow it just simply delivers me a content sensation inside being aware of that many people are basically, well possibly reading what I write about.

    • David Harley

      @Eldon: whatever floats your boat…

  • Doug Lindauer

    You wrote "You’re probably well aware that compressed URLs are frequently used by malware authors". 
    No.  I'm not.  I don't even know what a compressed URL is.  Instead of assuming a reader is into the same stuff you know about, why not provide a link.  I just came to this blog via an email link from ESET about potential security threats on social networking sites.

    • David Harley

      A compressed URL is one that is shortened using a service such as bit.ly or tinyurl.com. If you type “compressed URL” into the “Blog Search” box on the blog page, you’ll find that we’ve posted several blogs on the topic. Our blogs are intended for a range of audiences: some blogs are intended for people who aren’t particularly technically oriented, some are pretty technical, and some are somewhere in between. We don’t intend to exclude anyone, but obviously some blogs are more suitable for a technically knowledgeable audience than others.

Follow us

Copyright © 2016 ESET, All Rights Reserved.