So you click on a link in a friend’s Tweet to see their vacation picture and the next thing you know your computer is bogged down in a malware miasma.
It can happen to the best of us – even those aware of malicious Web domains and the risks of malware can sometimes be caught off-guard on social networks. After all, we don’t expect our friends to be duping us into clicking on malware-infested links. But the micro-blogging service is often the target of spam attacks and your friends might have fallen victim.
We outlined how those attacks were occurring in “Abbreviated URLs are often shortcuts to Twitter malware.”
That’s why they’re now sending out messages with dangerous links. Not only could these get your home PC bogged down with malware, but they could put your company at risk of hacker attack if you’re using Twitter at the office.
Hackers are even targeting the URL shortening services to redirect links. Blogger Kevin Sablan was surprised to see an unexpected traffic spike after 2.2 million links were temporarily pointed at his blog post about Twitter hash tags.
It turned out that Cligs, the fourth-most popular URL shortening service on the Web, had been infiltrated and all of its links were instead pointing to Sablan’s post. It’s not clear why the hacker might do this, but Sablan wasn’t involved and the incident demonstrates a potential danger of the micro-URLs.
It’s difficult to detect these dangerous links because of the URL shortening services that are so popular on Twitter. Limited to 140 characters, everyone is crunching down those long links with services like TinyURL or bit.ly. The problem is, there’s no way to know where those links are really leading.
Until you look for a little help from some useful Web tools.
Stay safe on the Web
If you are accessing Twitter via its Web page, then LongURL is your best option to steer clear of booby-trapped links. You’ll notice that hovering over these links doesn’t reveal the true domain, so you’ll need to take an extra step.
Simply open a browser tab with LongURL and paste in the suspect link you’d like to visit. Doing so will reveal the full URL of the final destination, so you can tell the difference between a Russian-hosted hacker haven and a nifty news site like ITBusiness.ca.
Just paste your URL into the box and hit expand to reveal the link’s true intent.
If you use Mozilla’s Firefox browser, there’s a slicker way to use the LongURL service. You can download a plug-in for the service and install it as an extension or a Greasemonkey script.
Now when you hover over those shortened URLs, a little box will display the title of the page and the full URL you’ll be surfing to.
Using a client to avoid hackers
TweetDeck is one Twitter client that has built in a method to see a short URL’s true destination. Once the option to do so is turned on, users are provided a preview link and title after clicking on a short URL link. If the option is not turned on, then the Web site is opened in a browser after the first click.
Here’s how to turn on the feature in the latest version of TweetDeck (v 0.26.4):
- Click on the Settings icon (the wrench in the top right-hand corner)
- Under the “General” tab, click the “Show preview information for short URLs” option
- Click “Save”
Now you’ll see the preview box when you click on those popular short URLs – no matter what service squeezed them down to tweet size.
Tweet safely, now.