Twitter: Keeping the Bad Guys at Bay
Posted by: Stephen Wildstrom on April 13, 2009
Twitter, it turns out, is more than just a way to keep up with what’s going on in the world, or among your acquaintances, in 140-character micro-blog posts. It’s also an effective way to infect computers with malware. But you can fight back.
Over the past few days, a lot of Twitter users discovered their accounts were sending out posts on their own, generally something containing the name Mikeyy. The culprit was a worm that infected users’ Twitter profiles (Facebook has had similar problems in the past). Fortunately, at least so far, the worm appears to be more of a nuisance than a genuine threat. The best way to defend yourself seems to be to avoid viewing Twitter profiles in your browser; the best way to do this is to use a third-party desktop client such as TweetDeck or Twhirl.
Twitter should move quickly to fix the site vulnerabilities that made the Mikeyy attack possible. But there's a deeper risk in Twitter that you should take steps to protect against. Lots of Tweets include links, and because of the 140-character limit, these are generally converted into compressed addresses. By default, Twitter uses a service called TinyURL to do this; when you click on a link, you are actually taken first to TinyURL.com, then redirected to the underlying link.
The problem, of course, is that when you click on one of these compressed links, you have absolutely no idea where you will be taken; unlike a regular link, you can't look at the real address and decide whether it's in a neighborhood you really want to visit.
Fortunately, TinyURL offers a solution. If you visit the TinyURL Web site, you can select an option that will preview the real URL before taking you there. It adds a step, but it makes sense to check out those links first, and if the preview turns up a funky-looking URL, you can cancel the request.
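The same look-before-you-click check can be scripted. This is an added example, not part of the original post, and it uses a different technique from TinyURL's preview option: it asks the shortener for the redirect header and never contacts the destination. It assumes the shortener answers a HEAD request with an HTTP redirect; `preview_short_link`, `StubShortener`, `demo` and the sample link are hypothetical names and constructed data.

```python
import http.client
import http.server
import threading
from urllib.parse import urljoin, urlsplit

def preview_short_link(short_url, timeout=5):
    """Ask only the shortener where a link leads; never fetch the destination."""
    parts = urlsplit(short_url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)  # http.client does not follow redirects
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
    finally:
        conn.close()
    if status in (301, 302, 303, 307, 308) and location:
        return status, urljoin(short_url, location)  # handles relative Location
    return status, None  # not a redirect, so there is nothing to preview

class StubShortener(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a shortening service so the demo runs offline."""
    LINKS = {"/abc123": "http://funky-looking.example/x.php?id=1"}  # constructed

    def do_HEAD(self):
        target = self.LINKS.get(self.path)
        self.send_response(301 if target else 404)
        if target:
            self.send_header("Location", target)
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    """Start the stub on a free local port and preview a known and an unknown link."""
    server = http.server.HTTPServer(("127.0.0.1", 0), StubShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_port
        return preview_short_link(base + "/abc123"), preview_short_link(base + "/nope")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

A destination can itself be another shortened link, so the returned URL may need the same check before it is trusted.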
Of course, you should also practice safe surfing when visiting Twitter or any other site. Make sure your operating system and browser are fully patched, and always run antivirus software.