Compressed URLs & Twitter

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. is the official team Twitter account, but we also post stuff to and, which have more followers at the moment. [Update: there’s also an account that PR contacts will find useful: I’ve only just become aware of it.]

If you use Twitter for this or other purposes, you’re probably aware that the site compresses URLs posted in tweets, usually with, as far as I can see. You’re probably well aware that compressed URLs are frequently used by malware authors et al to conceal the true URL. addresses this problem by filtering links through Google Safe Browsing, SURBL and SpamCop, which is reassuring, but is unlikely to catch every malicious site. also makes available a Preview Plugin for Firefox that allows users to see more information about a site before they click on it. (Apparently Tweetdeck has a similar feature.) However, there’s no plugin for Internet Explorer (or, I presume, Chrome, Safari etc: I haven’t looked).

Personally, I prefer the approach, which is browser-independent. If you go to, you can enable a setting that will allow you to preview the real link whenever you click on a tinyURL on that particular machine. Alternatively, the person creating a tinyURL can send a version that begins

I started using these a while ago, but got a couple of adverse comments from people who didn’t want to see the redirect. However, thinking about it (and given the increase in malicious compressed URLs) I’ve decided to start doing it again. Not because it will eliminate the problem altogether (I’m sure it won’t!) but because it might  at least make people aware that there’s a slightly safer way of doing it without telling them which browser they should be using. If you don’t like the redirect, all you have to do is paste the URL into your browser and delete the "preview." substring that comes after the "http://".

Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled):
ESET Threatblog notifications on Twitter:
ESET White Papers Page:

Securing Our eCity community initiative:

Author David Harley, ESET

  • Eldon Santos

    Sigh, I’m just hooked to twitter fans right now. They actually do not do a lot for me personally, yet somehow it just simply delivers me a content sensation inside being aware of that many people are basically, well possibly reading what I write about.

    • David Harley

      @Eldon: whatever floats your boat…

  • Doug Lindauer

    You wrote "You’re probably well aware that compressed URLs are frequently used by malware authors". 
    No.  I'm not.  I don't even know what a compressed URL is.  Instead of assuming a reader is into the same stuff you know about, why not provide a link.  I just came to this blog via an email link from ESET about potential security threats on social networking sites.

    • David Harley

      A compressed URL is one that is shortened using a service such as or If you type “compressed URL” into the “Blog Search” box on the blog page, you’ll find that we’ve posted several blogs on the topic. Our blogs are intended for a range of audiences: some blogs are intended for people who aren’t particularly technically oriented, some are pretty technical, and some are somewhere in between. We don’t intend to exclude anyone, but obviously some blogs are more suitable for a technically knowledgeable audience than others.

Follow us

Copyright © 2017 ESET, All Rights Reserved.