26% of Twitter messages contain links, half of which are from spammers and lead to malicious websites.

With only 140 characters per Twitter message, it makes sense to shorten URLs and leave characters to say what you have to say. But with shortened URLs you have no idea what your final web destination will be. A spreader of malware and malicious websites couldn't be happier!

Malicious Links in Abundance

Researchers at Kaspersky Labs have found that as many as one in every 500 links on Twitter lead to sites hosting malware. They have also discovered that about 26% of Twitter messages - tweets - contain links and about half of those are created by spammers and people with bad intentions.

The two most popular URLs that the Krawler found posted to Twitter so far passed through the system in September. Both directed users to online dating sites. One of the sites, getion.com, is known to have hosted malware in the past, Raiu said.

What Twitter is Doing

So why isn't Twitter doing something to keep its users safe?  Well, it is to an extent. In August Twitter started using a filtering system by Google to detect malicious URLs. The system checks the URLs against a blacklist and then either blocks the malicious URL from being posted or warns users to think before clicking on the link. However, the system only scans URLs that are shortened using the Bit.ly shortening service - the most commonly used on Twitter. Any links shortened using any of the over 200 other formats are not picked up by Twitter's filter.

Malicious URLs were discovered over a year ago before Twitter gained it's current level of popularity. Now, malware links regularly appear in "trending topics" where people are often checking to see what is the latest and greatest.

What You Can Do

• There are several companies that have developed more inclusive filters to sift through the shortened URLs on Twitter. Kaspersky [1] has developed the Krab Krawler that currently examines 500,000 unique URLs a day. Of the URLs examined, 100 to 1,000 a day are sites hosting malware.
• AVG Technologies offers LinkScanner [2], a tool that scans and strips URLs of any malware that they may contain. Finjan Inc. has a tool, SecureTwitter [3], that sends out a warning message when a malicious URL is detected.
• You also have the option of expanding the shortened link before you click on it. The bit.ly blog [4] has instructions on how to get the plug-in tool to expand bit.ly (and other) shortened URLs.
• Consider using stand-alone Twitter software such as TweetDeck [5]. They will often provide filtering of their own and/or a preference item to expand shortened URLs before you click them.

Video Interview with Kaspersky Lab Malware Researcher Costin Raiu

 Read more at the Threat Level blog [6]. Graph courtesy of Kaspersky Labs [1]