Sanford Wallace Loses Again; Owes Facebook $711 Million

It Doesn't Matter How Many Twitter URLs Are Malware... Only If People Are Clicking

from the misleading-with-stats dept

Fri, Oct 30th 2009 4:57am — Mike Masnick

Security companies love using stats to make something appear to be a bigger problem than it really is. Take for example this claim that links to malware are "abundant" on Twitter. The problem is that this is totally meaningless. Because you only see the tweets of people you follow, if spammers are putting up malware links, it only matters if anyone's following them and then clicking on the links. The number of links that point to malware alone is meaningless, because one "spammer" could just post a ton of malware links, but that won't mean a thing if no one is following them. The real question should be how often are people getting malware because of clicks on Twitter. Unfortunately, that data isn't provided.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: malware, twitter

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 30 Oct 2009 @ 5:17am

Hey, Mike, here's an idea. Get all your techdirt interns / employees to do nothing but click every link on every twitter feed they follow, and also to check some of the more popular hot topics of the day and click those too. Then see how many machines are infected.

Investigative journalism starts at home, right?
[ link to this | view in thread ]
follow this, 30 Oct 2009 @ 5:23am

Re:
Hey, AC, here's an idea. You do it and let us know what happens. Because, you know - this is a blog, not a journal.
[ link to this | view in thread ]
Anonymous Coward, 30 Oct 2009 @ 5:25am

Re: Re:
Except mike always says that bloggers are the real investigative journalists now. So why not?
[ link to this | view in thread ]
John Doe, 30 Oct 2009 @ 5:37am

Re: Re: Re:
Except he never states all blogs are investigative. Nice try though.
[ link to this | view in thread ]
Designerfx (profile), 30 Oct 2009 @ 5:39am

well, 2 things here
1: lots of people either have an autofollow bot or follow those who follow you first, common courtesy.

2: sometimes people will look at a user to see who they follow to see if they have others of interest, this potentially leading to bad links.

meanwhile, it's very very easy to tell a bad link versus a legit twitterer, the bad link twitters are the same as bad ads: make money working from home, etc etc
[ link to this | view in thread ]
Free Capitalist (profile), 30 Oct 2009 @ 5:53am

Not sure what the issue is here, Mike...
I'm not sure why you take issue with the article. As the writer points out, the greatest potential for exposure to the spam-malware is while using the trending tools to explore current topics. Since there are a lot of people I would assume are curious and explore current topics, I would say the article is apropos and a useful bit of cautionary information.

Unnecessary knee-jerk?
[ link to this | view in thread ]
Jon, 30 Oct 2009 @ 6:12am

Re: well, 2 things here
To your first point:

I can't imagine ever setting Twitter to auto-follow anyone who follows me. In fact, I take it a step further and block followers who are clearly marketers/spammers.

Frankly, I have enough trouble keeping up with the list of people who I *do* want to hear from... I can't imagine having to wade through remarkable marketing opportunities and clearance-priced 'Rolecks' ads as well.

In summation: let's stop calling auto-follow "common courtesy". Yes, perhaps it was nice back in the garden of eden days of Twitter, but it's just going to make it a useless marketing/spamming wasteland.
[ link to this | view in thread ]
Chronno S. Trigger (profile), 30 Oct 2009 @ 6:16am

How douse this work?
"As many as one in every 500 web addresses posted on Twitter lead to sites hosting malware"

That's 1 of 500 or 0.2% of all addresses posted on twitter.

"About 26 percent of Twitter messages contain a URL"

so now it's 0.05%(?) of all Twitter messages are malware.

"About half of those appear to be generated by spammers or by people with malicious intent, he said."

And now it's 13% of all twitter messages are malware?

Note: These three quotes are copied in order from the Wired article's first four paragraphs.
[ link to this | view in thread ]
Michael, 30 Oct 2009 @ 6:18am

Re: Not sure what the issue is here, Mike...
A valid point (not sure if it is Mike's - I don't want to speak for him) is that this is another example of a misleading use of statistics. The article is either written by someone with a fundamental misunderstanding of how Twitter works, or is intentionally misleading.

The number of messages with malware links being sent out on twitter is useless as they have studied it because it does not represent the number of those links that actually get to people. If nobody follows the malware spammer, sending the url a million times increases this stat but is no more damaging than not sending the messages at all.

If you only follow reliable, trusted people on Twitter, I would bet the percentage of malware links you get is zero.

The article is somewhat like counting the number of sharp sticks in the wooded areas of Vermont and then saying that it is dangerous to walk there because it is full of sharp sticks. Great, but since the majority of the population is walking on streets, sidewalks, and their neighbor's lawn, it tends to be less dangerous than these statistics indicate.
[ link to this | view in thread ]
Yann, 30 Oct 2009 @ 6:35am

It's not meaningless...
...and it has not much to do with following or not the malware account.
The malware authors are not counting on people stumbling into their tweets or following them : now instead of giving directly their malware link in the spam they send, they're giving the link to the tweet with the malware link. People are much more likely to follow a link in a mail or a blog comment to a well-known site such as twitter than to click on a link to randomdomainname.cn, and because twitter is usually not identified as a security risk they're quite likely to click on the link on the tweet (link wich can be further obfuscated by using a URL shortening service).
Such Twitter links are also a lot more difficult to automatically filter by security systems.
[ link to this | view in thread ]
Ryan, 30 Oct 2009 @ 7:12am

I bet a few..
I did a post about this a while ago (linked above) where I explained the frequency at which people auto-re-follow anybody who follows them. Combine that with the tinyurl style links that you don't know where they go until you click them - and it's a safe bet that a lot of people are clicking those links.

I did a test. I did a bit.ly url to example.com, and posted a tweet saying "don't click this link if you see it, it's malware" then posted the linnk. Out of my 350 followers, 15 clicked it within 30 seconds of being posted.

Based on all of the above, I bet quite a few people are actually visiting the malware sites - but certainly not as many as security companies claim.
[ link to this | view in thread ]
Anonymous Coward, 30 Oct 2009 @ 7:41am

The same logic applies to telephone arbitrage scams. Those companies are only in business because people call their phone numbers. It really applies to spam email too, if people did not click the links there would not be much point in spamming. There is a new sucker everyday, not sure how to fix that.
[ link to this | view in thread ]
Mike Masnick (profile), 30 Oct 2009 @ 8:23am

Re:
The same logic applies to telephone arbitrage scams. Those companies are only in business because people call their phone numbers.

What? That's entirely different. Spam and scam links are clicked because people are tricked into it, and it's dangerous for them. The telephone arbitrage scams have nothing to do with tricking people are doing harm to them.
[ link to this | view in thread ]
Anonymous Coward, 30 Oct 2009 @ 8:54am

Re: Re: Re: Re:
Ahhh... "do as I say, not do as I do".

Got it.
[ link to this | view in thread ]
Newbelius, 30 Oct 2009 @ 8:57am

Re: well, 2 things here
The problem really boils down to common sense being so darned uncommon.

In response to your two points:

1: people should not blindly follow others merely out of common courtesy. An autofollow bot (didn't know they existed) is just plain silly unless you are trying to farm for others to follow. Well, that's just plain silly too.

If you follow blindly, you are asking for trouble. If Hannibal Lecter (sp?) were to come by uninvited for tea and I give him that tea, fine. If I then go to his place for tea out of common courtesy, it would be my own fault that I am placed on his next menu.

2: I agree, but just like the web as a whole, one must click on links mindfully. I don't open every email. I don't click on every link. There are tell-tale signs of inappropriate links. People need to be more cognizant of those signs and act accordingly.

In both cases, common sense should prevail. Unfortunately, although people use common sense in the real world and manage to survive, on the web, people tend to ignore the fact that there are people with malicious intent. Ignorance is never bliss.
[ link to this | view in thread ]
Chronno S. Trigger (profile), 30 Oct 2009 @ 9:21am

Re:
The article is stating that their statistics don't really matter unless they include how many people fall for those links and you want Mike to double check Kaspersky's numbers? That's not investigative reporting, it's just irrelevant to the article.

As I've pointed out before (along with Kaspersky's numbers contradicting themselves) there are as few as 0.05% of Twitter posts that include links to malware sites (or as much as 13% depending on the paragraph you're reading). These numbers not only don't include how many are actually clicked but don't include the number of clicks that are blocked by anti-malware software.

These numbers are truly worthless and are blown more out of proportion by the company trying to sell you the solution.
[ link to this | view in thread ]
Math Sucks, 30 Oct 2009 @ 9:28am

Re: How does this work?
First one is right. 0.2%

"About 26 percent of Twitter messages contain a URL"

There is no mention that these are links to malware only that they are links... so it is 26% or 260 in every 1000

"About half of those appear to be generated by spammers or by people with malicious intent, he said."

Again no mention that these are all links to malware so again this is only 13% or roughly 130 in every 1000 messages are from spammers or by people with malicious intent.

However it was initially stated that in 1000 tweets there are 2 posts that are linked to malware. So in every 130 spam posts only 2 of them contain a link to malware.

Roughy 1.5% of the tweets from spammers or by people with malicious intent contain links to malware.
[ link to this | view in thread ]
Free Capitalist (profile), 30 Oct 2009 @ 9:28am

Re: Re: Not sure what the issue is here, Mike...
This article did not come off as being intended to generate a panic about Twitter, at least not to me.

I might complain that the article seems more like advertising for Kaspersky, which seems to get a lot of coverage lately.

However, once again, the article seemed to advise caution while using the trending tools to look into hot topics, not so much to stop trusting those you know and follow or to stop using Twitter.

In the end it should be no news to those already using restraint with e-mails and links, the same logic applies on Twitter, as others have pointed out here.

However, there are still plenty of gullible people out there opening malware e-mails, so it follows that an occasional cautionary article about targeted services is appropriate and worthwhile.

I don't see why the content of this article is any kind of issue at all. And as for the misuse of statistics, I'm still not seeing it in this case.
[ link to this | view in thread ]
tracker1 (profile), 30 Oct 2009 @ 9:40am

Dear twitter...
How about this, you can't follow more than 50 people unless someone follows you. You can't follow 10000% more people than follow you. That would resolve a lot of the spammy accounts on twitter.
[ link to this | view in thread ]
Anonymous Coward, 30 Oct 2009 @ 9:48am

Re: Re:
Fair enough, different product, different motivation, different benefits. But you can eliminate them in the same way - by ignoring them.
[ link to this | view in thread ]
Ryan, 30 Oct 2009 @ 9:59am

Heh
not that I've ever done it, but if you were to hypothetically get auto follow software, then auto tweet links to a webpage with CPM ads on it, you could theoretically make a few bucks per day with only about 5 minutes of work.
[ link to this | view in thread ]
Chronno S. Trigger (profile), 30 Oct 2009 @ 10:15am

Re: Re: How does this work?
No, my math is valid I just mixed in the spammers with the malware in the fourth paragraph.

1 out of 500 URLs point to malware (or .2%) and 26% of all twitter posts have URLs so .2% of 26% is .052%. 13% of all twitters (or half of the 26%) are from spammers or malicious people.

So we have two numbers here, 0.052% of all twitters point to malware and 13% of all twitters have bad URLs.

All these numbers are still kinda worthless without knowing the percentage of people that fall for them.
[ link to this | view in thread ]
ranon, 30 Oct 2009 @ 11:53am

What is really needed is something built into the browser which shows the full url on moving the mouse over the link. Currently you only see the shortened url (bit.rly/xxxx).

There may be extensions for this, but it would be a good idea to include this in the browser itself. Then one can see the link and decide if the website is trustworthy.
[ link to this | view in thread ]
Veronica, 30 Oct 2009 @ 12:24pm

Re: well, 2 things here
Exactly Designerfx - also, many spammers will lure you by sending you an @ reply with a malware link attached. This is one of their biggest ways of getting you to click. The only way to see what they're sending you is to click on their profile which will most likely have the same link sent to hundreds of people via their status updates.
[ link to this | view in thread ]
Jon B. (profile), 31 Oct 2009 @ 6:55am

I freaking HATE url shortening services. This is another reason why they shouldn't exist. You should be able to see the destination of a link before clicking on it. Twitter could easily be structured in such a way to do so without screwing up its whole 140 character thing.
[ link to this | view in thread ]
Fred, 30 Dec 2009 @ 7:25am

It is slipping my mind right now, but there is a FF extension that automatically displays the actual URL instead of the shortened one. A simple Google search should pull it up. That said, I don't think any of the onus here should fall on Twitter. It is impossible for them to prevent people from posting potentially malware hosting links. I mean, the whole thing is pretty much about sharing links with people.. I think using a shortener revealer, running some quality AV and just using common sense should all usurp any initiative Twitter woulod consider..
[ link to this | view in thread ]