Kaspersky tool identifies malware in Twitter links

Technology.am (Oct 29, 2009) — Kaspersky revealed a latest tool on Thursday called “Krab Krawler” that examines the millions of tweets posted on Twitter each day and blocks whichever malware linked with them.

Kaspersky antivirus tool twitterThe tool looks at each public post as it shows on Twitter, extracts any URLs in them and investigates the Web page they direct towards, increasing any URLS that have been condensed, Costin Raiu, a senior malware analyst at Kaspersky, said in a meeting.

The company is scanning virtually 500,000 fresh exclusive URLs that become visible in Twitter posts every day, he said. Of those, somewhere among 100 and 1,000 are malware attacks. Twitter has too been besieged by the Koobface virus which posts malevolent links from infected users’ accounts.

About 26 percent of the entire posts contain URLs, and several of those lead to spam sites that are advertising goods or services and aren’t considered malware, according to Raiu. Thousands of diverse accounts are posting spam links, most probably from accounts produced by bots, he said. The most common URLs posted direct to online dating sites, he added.

Twitter has its individual filtering method, but a few malicious links still manage to get all the way through it, Raiu said.

While Kaspersky’s usual antivirus software might identify and block 95 percent of the malware Twitter users are endangered with, malware code changes regularly to avoid filters and it can take between two and 12 hours for fresh stuff to be classified as malevolent and detected, he said.

Even as antivirus companies have conventionally concentrated on shielding e-mail-borne viruses, they are progressively more whirling their concentration to social-media sites as attackers do.

Trend Micro has technology that supervises Twitter posts for malicious URLs; in addition to looks for attack patterns in the posts, for example use of well-liked terms to not directly guide public to malicious links, said Morton Swimmer, a senior threat researcher at Trend Micro.

In the meantime, Finjan offers a free of charge browser plug-in dubbed SecureTwitter that warns users when they come across a malicious URL in Twitter, plus Gmail, Blogger, MSN, MySpace, Google search, Yahoo, and additional sites.

Social-media sites are accepted for attackers not just because people are flocking to them, but in addition because users appear to trust messages that appear to come from friends on those sites more than they trust e-mails, Raiu said.

Photo credit: david.orban