Twitter’s new malware filter is a sign the social media site is stepping up efforts to stem attacks, but the measure has its shortcomings, say security experts.

Twitter’s filtering mechanism was highlighted by Mikko Hypponen, chief research officer of F-Secure, in a blog post Monday. When a user tries to submit a tweet with a suspect Web link, the following warning appears:

“Oops! Your tweet contained a URL to a known malware site!”

Twitter’s latest security measure was a positive one, especially in light of the current threats directed at the site, Hypponen told ZDNet Asia in an e-mail interview. The site, he noted, has been “attacked in many ways” including spam, worms such as Mikeyy, and phishing, he noted.

“None of these problems are at epidemic levels yet, but it’s great to see Twitter take real action on this,” he said.

Hacking is another challenge the popular microblogging site faces. In May, Twitter confirmed its network was hacked and some individual account information were leaked.

Dancho Danchev, independent security consultant and cyber threats analyst, noted that the site’s latest security move was an indication “Twitter is finally moving from reactive to proactive security practices.” However, he pointed out in a blog post on ZDNet Asia’s sister site ZDNet.com, that the malware filter was “clearly still in development” and showed “disappointing results.”

Danchev pointed to how a MySpace phishing page used in a tweet triggered the security filter, but was eventually accepted by adding a “http://” or removing the “www”.

He noted that the site also allowed tweets containing links to several known malicious sites listed in Stopbadware’s database, which has identified over 380,000 sites identified as unsafe. While it would not prevent the abuse of Twitter in the longer term, the failure to integrate such databases listing known malware was a “missed opportunity”, Danchev said.

Twitter did not respond to e-mail queries from ZDNet Asia at press time.

Source: CNET News

If your Web site is one of the more than 170,000 sites on the Internet that Google has tagged as hosting malware, you have a place to turn–StopBadware.org.

On Saturday, an error at Google changed the display of search results so that every site on the Internet was listed as having malware for about an hour. After that happened, StopBadware.org’s site was hit with so much traffic–67,000 or 13 times the normal daily number–that it led to a denial of service that had the site offline for nearly an hour and a half.

After initially saying StopBadware.org had contributed to the problem, Google retracted that and said it was solely the fault of the search engine. Meanwhile, StopBadware.org got 150 malware review requests over the weekend from people whose sites were tagged as harmful during the glitch.

“It was an unfortunate event, but it helps raise awareness of this real problem” of sites hosting malware, Maxim Weinstein, manager of the nonprofit StopBadware.org, said in an interview on Monday with CNET News.

An appeals body

From a five-person office on the Harvard campus in Cambridge, Mass., the organization serves as a sort of appeals body for people who argue that their sites shouldn’t be flagged as dangerous. In the high stakes game of e-commerce, getting tagged as dangerous can cost a Web site visitors and money.

The organization gets anywhere from 1,000 to 3,000 requests per month from Web site owners who think Google has unfairly tagged them as harmful to the Web surfing public, according to Weinstein.

For sites that host spyware, adware, or other software that interferes with peoples’ ability to control their computer, Google includes a warning along with the results that says: “This site may harm your computer.” If the searcher clicks on the result, a window pops up with a second warning that suggests trying a different search and offers direct links to StopBadware.org and related Google sites. To get to the flagged Web site a searcher has to type in the URL in the Web address bar.

Google offers an automated process for review requests, while StopBadware.org does the review manually.

Outside of the anomaly that occurred over the weekend, Google rarely has false positives, according to Weinstein. Many of the sites are indeed malicious, such as phishing sites hoping to steal sensitive data an unsuspecting visitor may type in thinking that the site is a legitimate bank site, for instance.

But most of the people who ask StopBadware.org for help are legitimate sites whose servers have been compromised, often because they are running Web server software with a vulnerability that has not been patched, he said.

Sometimes the malware is contained in the comments on a blog, and in other cases some people just aren’t using strong enough passwords to protect their Web hosting accounts.

A lot of bloggers use WordPress, which has a fair share of security weaknesses, and people don’t know they need to update the software, Weinstein said.

“Attackers run software scanning for WordPress blogs that are running vulnerable versions of the server software and then they run an attack that gets access to the site,” he said.

In the dog-eat-dog world of Web search, StopBadware.org shares a special status. The organization, launched in 2006 as a “neighborhood watch for the Internet,” was coordinated by Harvard Law School’s Berkman Center for Internet & Society. It gets data from Google, AOL, PayPal, Trend Micro, Lenovo and VeriSign, and Consumer Reports WebWatch is a special advisor.

“We’re independent but with friends in high places,” Weinstein said. “We get access to data from Google and other companies and…this allows for data analysis and research that no one else is able to do.”

In addition to offering a second opinion to aggrieved Web sites, StopBadware.org works on developing new approaches to addressing malware and offers the BadwareBusters.org forum where Web site owners can exchange information.

The organization has been focusing on identifying what it calls “borderline applications,” badware that isn’t obviously malicious but which exhibits behavior that malware does, such as installing extra software on the PC without informing the user and software that doesn’t uninstall when the user tries to get rid of it.

Representatives from Google, StopBadware.org’s closest partner, declined an opportunity to be interviewed about the organization following the weekend search snafu.

“We have a good ongoing relationship with StopBadware.org,” a Google spokesman said in an e-mail.

Source: CNET – Posted by Elinor Mills

We’re not quite sure what’s going on, but a couple of minutes ago any search result from Google started being flagged as malware with a message stating “This site may harm your computer”. Including Google’s own website as you can see above.

Twitter is abuzz with people reporting the massive error (also look for tags #googmayharm or #googmayhem), and it’s clear that this is happening around the world. Apparently, it’s happening with any browser on any platform too.

Clicking the message takes people to a support page from Google (image below), but this is being bombarded with millions of people right now so it’s very slow to respond. I saw the page briefly, and it pointed to StopBadware.org (which is obviously also loading slowly or not at all right now).

Update: it seems to be fixing itself. I’m having no more issues on Google Belgium, still getting warning messages for malicious software when I search Google.com. Also, it only seems to occur when you’re searching as a signed-in user now.

Update 2: it seems to be fine now. Lasted about 15 minutes. You can take a deep breath now and go on with whatever you were doing before

Now we just have to wait for Google to tell us what went wrong. It’s quite clear that a meltdown of this size, no matter how short it was, will be the topic of discussion for the coming days (and not only at the Googleplex, I’d wager).