Finjan offers free SecureTweets browser plug-in

New SecureTweets plug-in can protect people from worms, Trojans, and other malware attacks spread through Twitter, Gmail, MySpace, and other sites.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Oct. 30, 2009 11:10 a.m. PT

2 min read

Updated October 30 at 9:58 a.m. PDT: The software was called SecureTwitter when this article was first published. The name was later changed to SecureTweets and the article has been updated to reflect that.

Finally, there's a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.

Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTweets that warns users when they encounter a malicious URL in Twitter, as well as in Gmail, Blogger, MSN, social networks MySpace and Bebo, news aggregators Digg and Slashdot, and the Google and Yahoo search sites.

SecureTweets scans the Web pages that the URLs lead to in real time to analyze the code, as opposed to querying a database of blacklisted URLs, as other safe Web browsing services do, Yuval Ben-Itzhak, chief technology officer at Finjan, said on Thursday.

SecureTweets alerts Twitter users when a URL on the site leads to a page that appears to be hosting malware. Finjan

Green checkmark icons appear next to URLs that are deemed safe and red "X"s for URLs to sites with code that could be a virus, a Trojan, or other malicious program. Yellow question mark icons appear next to URLs that lead to a page that was not available for scanning by SecureTweets for some reason.

SecureTweets appears to be the first safe browsing service that scans URLs within applications and not just in search results or browser address bars.

In a quick test of the service I didn't find any warnings for malicious URLs on the various sites, but it did put a yellow question mark next to URLs that appeared at the top of my Gmail page that linked to legitimate CNN articles, for some reason.

I would love to have SecureTweets warn me about URLs in Facebook, but Facebook requires people to log in to see profiles on the site, which means the company would need people's passwords to access those pages. Since the other sites do not, Finjan could easily scan the URLs on those sites without needing access to private information like log-in credentials, so that's where the company decided to focus their efforts, Ben-Itzhak said.

The service would have protected followers of venture capitalist Guy Kawasaki, whose Twitter feed automatically re-distributed a malicious URL from an un-moderated section of a user-generated news site earlier this week.

It also would protect people against the kind of worm attacks that hit Twitter in April in which people who clicked on the name or image of someone whose account had been compromised by the worm got infected and re-broadcast the malicious message.

And SecureTweets could protect Twitter users against a clickjacking attack, which also hit the site this year. In these attacks, clicks are basically hijacked and users forced to do things they don't intend to, such as redistribute malicious Twitter updates.