Skip to content

OPLIN 4cast #457: Shortened URLs pose a security risk

Posted in 4cast

Last updated on October 1, 2015


Shortened URLs are long web addresses that are compacted for the sake of brevity. They are very popular with users of Twitter, where the total character limit for a tweet is only 140 characters. To make the most of what little space there is, many Twitter uses make frequent use of link shorteners, such as or  One disadvantage of these compacted addresses is that the viewer often cannot tell where the link goes,  without actually clicking on it.  As a result, it is fairly easy for scammers to directly link to malware, disguising the link as something far more innocuous.  Users end up automatically downloading malicious code or content.  Widespread use of Twitter, especially during large events (such as sporting events or natural disasters), make Twitter a clear avenue for cyberattacks as traffic increases. Experts have been working to try to solve this problem.  Now, they may have.  Scientists at Cardiff University have designed an intelligent system that can identify malicious short links on Twitter.  The new system will be tested at the European Football Championships next summer.

  • With cyber-security threats increasing, it’s important for users to be aware of what they click (Tech News Today | Alison Peters) “The recently designed system identifies cyber-attacks with 98% precision within half an hour and has the ability to identify 83% of cyber-threats within 3 seconds respectively.”
  • Scientists stop and search malware hidden in shortened URLs on Twitter (Engineering & Physical Sciences Research Council) “The scientists collected tweets containing URLs during the 2015 Superbowl and cricket world cup finals, and monitored interactions between a website and a user’s device to recognise the features of a malicious attack. Where changes were made to a user’s machine such as new processes created, registry files modified or files tampered with, these showed a malicious attack.”
  • Hunting out malware hidden in short Twitter URLs (The Financial Express | ANI) “Lead scientist Pete Burnap said that unfortunately the high volume of traffic around large scale events creates a perfect environment for Cyber-criminals to launch surreptitious attacks. It is well known that people use online social networks such as Twitter to find information about an event.”
  • Researchers Trained an AI to Detect Malware Obscured via Twitter Short URLs (Softpedia) “Because cyber-criminals will provide insightful and interesting tweets along with their malware-infested URLs, this AI could benefit Twitter by allowing it to weed out misbehaving and abusive bot accounts.”‘

Articles from the Ohio Web Library: