We’ve been exploring the issues we’re facing in social media and Dave and I have been talking about how we got here. One of the common issues we continue to see are links that claim to give access to a resource of interest, when in fact it’s a link to a piece of malicious software (malware).

Thinking back to how we got here, I recalled the first time I accessed a resource on the Web. It was with an early browser called Lynx. I went to a website and clicked on a link to a map of a building. Except, the browser couldn’t render the image file, I had to download it and open it with another program. The crude nature of this process made it very clear that the file I was accessing, picture.gif, was exactly that:  an image file.

Today, we access the same resources through increasingly confusing naming conventions. We used to tell people to pay attention to the URL they’re accessing. Today many of these addresses are encoded so that it’s impossible to discern what they are or where they’re located. When we started using Twitter, we had limited character space so we started to shorten the URLs, obfuscating them further.  This has made it very difficult to give guidance to people about safe practices in regard to URLs.

It’s still important to look at the links you’re clicking on and make an effort to determine if the destination appears to be legit.  www.gmail.ru is probably something you shouldn’t trust.

I’m not sure anyone is working on a solution for this and it’s probably going to get worse before it gets better. In the mean time, pay attention to the things you CAN recognize:

• Microsoft’s page on recognizing malicious URLs
• My favorite:  Carnegie Mellon has comic strips and a game to teach how to recognize phishing links

Do you have thoughts about how to improve the issue with URLs?  Do you know of anyone who’s working on this?

Last week Twitter announced that they had installed a service that will inspect some of the URLs that are submitted through its systems.  The issue they’re trying to solve is primarily in shortened URLs which hide the destination address.  It’s been used by bad guys to hide malicious destinations.  Dave mentioned this technique a couple weeks ago and gave some great tips on how to avoid the being a victim.  Maybe the Twitter security crew was listening?

In the announcement, Twitter mentions that they’ll focus on direct messages and email notifications about direct messages.  I applaud the effort and hope it’s effective.  I wanted to point this out and give Twitter props for working on the problem.  We’ll have to see how effective it is but it’s great to see an attempt toward progress.

Hopefully we’ll see more news like this from other social media providers.

Before we get started, are you running a Windows operating system with anti-virus software that’s up to date?  No?  Please stop reading this and go get that under control.  If you need AV software, see Dave’s post on FREE AV.  We’ll wait for you

We’ve talked about the current malware trends and I’m sure that’s not a surprise to anyone but I saw a couple reports recently that did surprise me.  Malware is being found in some very odd places.

Symantec researchers discovered malware lurking in software that monitors the charging status on a USB battery charger

Panda labs discovered malware on a new cell phone distributed by Vodaphone. They discovered variants of the mariposa bot and conficker…

It’s not clear how this happened but it’s obvious that the affect of malware is far reaching and can leak into our lives in unlikely ways.  It’s not the first time malware has been discovered in pre-packaged devices.  In 2008 there were reports of malware showing up in digital picture frames.

Message: Be cautious! Make sure you have anti-virus software running and keep it up to date.

Have any interesting virus stories? We want to hear about it.