Cybersecurity System IDs Malware Hidden in Short Twitter Links

A machine classification system can identify harmful website links on Twitter within seconds of being clicked

2 min read
Cybersecurity System IDs Malware Hidden in Short Twitter Links
Photo: iStockphoto

Twitter and Facebook users can all too easily get a computer virus when they click on malware links shared by unsuspecting friends. To identify such malicious links on social media, UK researchers have developed a system that recognizes potential cyber attacks within seconds of clicking on a shortened Twitter link.

The “machine classifier” system has learned to identify malware activity in the system logs of infected machines just moments after clicking on suspicious links, according to a Cardiff University press release. It proved capable of identifying possible cyber attacks within five seconds with up to 83 percent accuracy. Given half a minute, it could identify cyber attacks with up to 98 percent accuracy.

“URLs are always shortened on Twitter due to character limitations in posts, so it’s incredibly difficult to know which are legitimate,” said Pete Burnap, director of the Social Data Science Lab at Cardiff University in the UK, in a press release statement. “Once infected the malware can turn your computer into a zombie computer and become part of a global network of machines used to hide information or route further attacks.”

Shortened links pose an identification challenge for current anti-virus software as well as for social media users. That’s in part because many anti-virus solutions have a tough time detecting previously unseen cyber attacks without knowing their code signatures, Burnap said. By analyzing the machine logs for suspicious patterns, the new cybersecurity research could eventually help develop a real-time system capable of protecting Twitter and Facebook users.

The machine classifier system trained itself by analyzing tweets containing shortened URLs from the 2015 Super Bowl and cricket world cup finals. Burnap and his colleagues from several other UK universities hope to stress-test the system by analyzing Twitter traffic from the European Football Championships coming up next summer.

To collect and analyze those Twitter links, researchers used an open-source “client honeypot” called Capture HPC, which was originally developed by Victoria University of Wellington in New Zealand. The client honeypot acts as a security device capable of monitoring and isolating data to investigate it for suspicious activity.

In this case, Capture HPC looked for possible patterns of malicious activity related to malware by monitoring changes in the files, registry files and processes. It also ran within a Virtual Machine environment to further isolate the malware’s changes to the system. More details on the research come from a paper presented at the 2015 IEEE / ACM International Conference on Advances in Social Networks Analysis and Mining in August 2015.

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less