June 25, 2009 12:41 PM PDT
Finally, there’s a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.
Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTwitter that warns users when they encounter a malicious URL in Twitter, as well as in Gmail, Blogger, MSN, social networks MySpace and Bebo, news aggregators Digg and Slashdot, and the Google and Yahoo search sites.
SecureTwitter scans the Web pages that the URLs lead to in real time to analyze the code, as opposed to querying a database of blacklisted URLs, as other safe Web browsing services do, Yuval Ben-Itzhak, chief technology officer at Finjan, said on Thursday.
Green checkmark icons appear next to URLs that are deemed safe and red “X”s for URLs to sites with code that could be a virus, a Trojan, or other malicious program. Yellow question mark icons appear next to URLs that lead to a page that was not available for scanning by SecureTwitter for some reason.
SecureTwitter appears to be the first safe browsing service that scans URLs within applications and not just in search results or browser address bars.
In a quick test of the service I didn’t find any warnings for malicious URLs on the various sites, but it did put a yellow question mark next to URLs that appeared at the top of my Gmail page that linked to legitimate CNN articles, for some reason.
I would love to have SecureTwitter warn me about URLs in Facebook, but Facebook requires people to log in to see profiles on the site, which means the company would need people’s passwords to access those pages. Since the other sites do not, Finjan could easily scan the URLs on those sites without needing access to private information like log-in credentials, so that’s where the company decided to focus their efforts, Ben-Itzhak said.
The service would have protected followers of venture capitalist Guy Kawasaki, whose Twitter feed automatically re-distributed a malicious URL from an un-moderated section of a user-generated news site earlier this week.
It also would protect people against the kind of worm attacks that hit Twitter in April in which people who clicked on the name or image of someone whose account had been compromised by the worm got infected and re-broadcast the malicious message.
And SecureTwitter could protect Twitter users against a clickjacking attack, which also hit the site this year. In these attacks, clicks are basically hijacked and users forced to do things they don’t intend to, such as redistribute malicious Twitter updates.