Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Another 1.5 Million Twitter Links Scanned

image
JULIEN SOBRIER
October 28, 2010 - 2 min read
Security Insights

Contents

  1. Article
  2. More blogs

In March 2010, I analyzed about 1 million links taken from public tweets on Twitter. I showed that the number of malicious links was less than 1%.

I have scanned another 1.5 million links in the past 3 months from Twitter public time line (1,587,824 exactly). I analyzed these URLs and the server content to find how many of them lead to malicious pages by running them through the Zscaler cloud.

Before I go into the details, I'd like to make a few points:

  • links were taken over several months, but they were analyzed immediately
  • I gathered links from the public time line. Results for direct messages might be different
  • the links may not be intentionally malicious, the page could have been compromised


The state of the Twitter links

 

 

Image
Top-10 domains in Twitter URLs

 

 

 


Bit.ly is still the leader in number of URLs on Twitter at 33% of all URLs, compared to only 5% for the number 2 spot (twitpic.com)! However, its market share has decreased, mainly because of the arrival of new URL shortener services from big names. Google, for example, arrives in the the top-10 domains with goo.gl, a service only available since December 2009. If we add youtube.com and youtu.be, Google represents 5% of all URLs.

Other social services are becoming more and more popular links in tweets: 4square (4sq.com) is #10, Facebook (fb.me) is #13

But the hierarchy of domains stays pretty much the same as in March, overall.

How many malicious links?

Like the previous analysis, I looked for phishing sites, malware, browser exploits, etc., but not spam.

The results are the same as previous: 0.07% (1149 links) of all links are dangerous.

 

 

Image
Distribution of threats by type

 

 

 

The distribution of malicious sites per domains is mainly the same as the total number of links per domain:
 

Image
Distribution of malicious sites per domain
 

twitthis.com has a high percentage of malicious links mostly due to hijacked Wordpress installations serving malware. As reported last time, mediafire.com is known to host malicious content. Some URLs shorteners like youtu.be and 4sq.com create short links for one domain only (youtube.com and foursquare.com), so they are never malicious.


This shows once again that the number of malicious links in public tweets is very low. Users should pay more attention to direct messages (private tweets), but overall they should feel safe using Twitter.

-- Julien

form submtited
Thank you for reading

Was this post useful?

vote yes
Yes, very!
vote no
Not really

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.

Explore more Zscaler blogs

A cyber criminal shopping for malware

Agniane Stealer: Dark Web’s Crypto Threat

Read post
Business people walking through a city

The Impact of the SEC’s New Cybersecurity Policies

Read post
Digital cloud illuminated in blue

Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)

Read post
TOITOIN Trojan

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

Read post

01 / 02

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.