Twitter: Keeping the Bad Guys at Bay

Posted by: Stephen Wildstrom on April 13, 2009

Twitter, it turns out, is more than just a way to keep up with what’s going on in the world, or among your acquaintances, in 140-character micro-blog posts. It’s also an effective way to infect computers with malware. But you can fight back.

Over the past few days, a lot of Twitter users discovered their accounts were sending out posts on their own, generally something containing the name Mikeyy. The culprit was a worm that infected users’ Twitter profiles (Facebook has had similar problems in the past). Fortunately, at least so far, the worm appears to be more of a nuisance than a genuine threat. The best way to defend yourself seems to be to avoid viewing Twitter profiles in your browser; the best way to do this is to use a third-party desktop client such as TweetDeck or Twhirl.

Twitter should move quickly to fix the site vulnerabilities that made the Mikeyy attack possible. But there's a deeper risk in Twitter that you should take steps to protect against. Lots of Tweets include links, and because of the 140-character limit, these are generally converted into compressed addresses. By default, Twitter uses a service called TinyURL to do this; when you click on a link, you are actually taken first to TinyURL.com, then redirected to the underlying link.

The problem, of course, is that when you click on one of these compressed links, you have absolutely no idea where you will be taken; unlike a regular link, you can't look at the real address and decide whether it's in a neighborhood you really want to visit.

Fortunately, TinyURL offers a solution. If you visit the TinyURL Web site, you can select an option that will preview the real URL before taking you there. It adds a step, but it makes sense to check out those links first, and if the preview turns up a funky-looking URL, you can cancel the request.

Of course, you should also practice safe surfing when visiting Twitter or any other site. Make sure your operating system and browser are fully patched, and always run antivirus software.


Reader Comments

John

April 13, 2009 12:17 PM

A lot of users? There were about 200. I'd say that's pretty dang good for a security risk that two people found in two days.

Woody

April 13, 2009 12:56 PM

What, if any, antivirus software is available for Blackberry Bold? Or any other 3G network handheld.

chronohart

April 13, 2009 12:57 PM

If you browse the web with Firefox, there's an add-on you can get that automatically converts any TinyURL links on a page to display the address it ultimately links to.

If you are running Greasemonkey, there are a few different user scripts you can get that do the same or similar things.

Pratik

April 13, 2009 01:09 PM

There are a few grammer mistakes in this posting -- bad job editing.

"Twitter should move quickly to fix the site vulnerabilities that made the Mikeyy attack possibly." The last word should be 'possible'.

"By default, Twitter uses a service called TinyURL to do this; when you click on a link, you are axctually taken first to TinyURL.com, then redirected to the underlying link." 'Actually' is spelled incorrectly.


Steve Wildstrom

April 13, 2009 01:13 PM

@Woody--There are a couple of obscure antivirus products for BlackBerry but at least at this point, they really don't seem necessary. The BlackBerry design makes it very, very difficult for the standard attacks used against desktop browsers to work. At the same time, most handhelds really do not have a lot of processing power to spare to run AV software.

Zeeray

April 13, 2009 01:30 PM

If you take precaution not to give user id and password to those spammy Twitter applications and stop downloading stuff, you should be fine. However, Twitter should get serious about this issue and take preventive action.

@zeeray
http://twitter.com/zeeray

bob

April 13, 2009 02:04 PM

Pratik: grammar is spelled with two a's.

If you are going to be a nazi, do it right!

Nazi II

April 13, 2009 06:02 PM

Twhirl, not Thwirl.

AXA

April 13, 2009 06:32 PM

May I ask, why all this sudden pumping of Twitter?

Joshua

April 13, 2009 07:35 PM

LOL @PratikFAIL

Dingchao

April 13, 2009 09:30 PM

Why are there so many bad guys in the world?! We should find them and put them into jails! They are the rubbish of our society and should be eliminated immediately!

@Dayngr

April 13, 2009 10:21 PM

There were way more than 200 users affected by this worm as a simple search on twitter would show.


About

BusinessWeek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, Douglas MacMillan, and Spencer Ante dig behind the headlines to analyze what’s really happening throughout the world of technology. One of the first mainstream media tech blogs, Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.
