In March 2010, I analyzed about 1 million links taken from public tweets on Twitter. I showed that the number of malicious links was less than 1%.
I have scanned another 1.5 million links in the past 3 months from Twitter public time line (1,587,824 exactly). I analyzed these URLs and the server content to find how many of them lead to malicious pages by running them through the Zscaler cloud.
Before I go into the details, I'd like to make a few points:
- links were taken over several months, but they were analyzed immediately
- I gathered links from the public time line. Results for direct messages might be different
- the links may not be intentionally malicious, the page could have been compromised
The state of the Twitter links
 |
| Top-10 domains in Twitter URLs |
Bit.ly is still the leader in number of URLs on Twitter at 33% of all URLs, compared to only 5% for the number 2 spot (twitpic.com)! However, its market share has decreased, mainly because of the arrival of new URL shortener services from big names. Google, for example, arrives in the the top-10 domains with goo.gl, a service only available since December 2009. If we add youtube.com and youtu.be, Google represents 5% of all URLs.
Other social services are becoming more and more popular links in tweets: 4square (4sq.com) is #10, Facebook (fb.me) is #13
But the hierarchy of domains stays pretty much the same as in March, overall.
How many malicious links?
Like the previous analysis, I looked for phishing sites, malware, browser exploits, etc., but not spam.
The results are the same as previous: 0.07% (1149 links) of all links are dangerous.
 |
| Distribution of threats by type |
The distribution of malicious sites per domains is mainly the same as the total number of links per domain:
 |
| Distribution of malicious sites per domain |
twitthis.com has a high percentage of malicious links mostly due to hijacked Wordpress installations serving malware. As reported last time, mediafire.com is known to host malicious content. Some URLs shorteners like youtu.be and 4sq.com create short links for one domain only (youtube.com and foursquare.com), so they are never malicious.
This shows once again that the number of malicious links in public tweets is very low. Users should pay more attention to direct messages (private tweets), but overall they should feel safe using Twitter.
-- Julien
