Twitter filters malicious URLs including shortened ones

twitter-logo.jpgInternet security company F-Secure has announced the discovery that Twitter is now following its advice to filter all posted URLs, including shortened ones, for malicious content.

Their screenshot, copied below, shows what happens if you try to post a link to a site that Twitter considers leads to malware.


The message “Oops! Your tweet contained a URL to a known malware site!” pops up and the message cannot be posted.

A source has told F-Secure that Twitter uses the Google API, so if Google considers it a dodgy site, presumably so will Twitter.

There hasn’t been an official announcement from Twitter yet, so at least a couple of questions remain unanswered:

  1. Is there some way of enforcing this via the Twitter API? In other words, if someone posts (intentionally or otherwise) a link to a malicious site from one of the many third-party Twitter clients and services (TweetDeck, for example) will those URLs be filtered?
  2. How much additional load will this place on Twitter’s servers? We’re already well accustomed to outages due to heavy demand. Is this filtering going to cause more problems?

Leaving the logistics aside, though, I’d generally consider it a good move. Not everyone has the additional protection offered by malware-aware web browsers, anti-virus software and the like. Anything that helps in the fight against scamware has to be a good thing. I just hope it’s not abused so that legitimate links end up being filtered out.

What do you think? Have you seen Twitter’s new URL filtering system working yet?


Leave a Reply

Your email address will not be published. Required fields are marked *