Kaspersky tool detects malware in Twitter links
"Krab Krawler" looks at Twitter posts, extracts any URLs in them, and analyzes the Web page they lead to, blocking any malware associated with them.
Kaspersky unveiled a new tool on Thursday called "Krab Krawler" that analyzes the millions of tweets posted on Twitter every day and blocks any malware associated with them.
The tool looks at every public post as it appears on Twitter, extracts any URLs in them and analyzes the Web page they lead to, expanding any URLS that have been shortened, Costin Raiu, a senior malware analyst at Kaspersky, said in an interview.
The company is scanning nearly 500,000 new unique URLs that appear in Twitter posts daily, he said. Of those, anywhere between 100 and 1,000 are malware attacks. Twitter has also been targeted by the Koobface virus which posts malicious links from infected users' accounts.
About 26 percent of the total posts contain URLs, and many of those lead to spam sites that are marketing products or services and aren't considered malware, according to Raiu. Tens of thousands of different accounts are posting spam links, most likely from accounts created by bots, he said. The most frequent URLs posted lead to online dating sites, he added.
Twitter has its own filtering system, but some malicious links still manage to get through, Raiu said.
While Kaspersky's regular antivirus software may detect and block 95 percent of the malware Twitter users are threatened with, malware code changes frequently to evade filters and it could take between two and 12 hours for new stuff to be classified as malicious and detected, he said.
While antivirus companies have traditionally focused on protecting e-mail-borne viruses, they are increasingly turning their attention to social-media sites as attackers do.
Trend Micro has technology that monitors Twitter posts for malicious URLs, as well as looks for attack patterns in the posts, such as use of popular terms to indirectly lead people to malicious links, said Morton Swimmer, a senior threat researcher at Trend Micro.
Meanwhile, Finjan offers a free browser plug-in dubbed SecureTweets that warns users when they encounter a malicious URL in Twitter, as well as Gmail, Blogger, MSN, MySpace, Google search, Yahoo, and other sites.
Social-media sites are popular for attackers not only because people are flocking to them, but also because users seem to trust messages that appear to come from friends on those sites more than they trust e-mails, Raiu said.
"People are worried about unsolicited e-mail, so they are careful not to run the programs they get by e-mail, but they aren't prepared to deal with these kinds of new attacks," he said.
