Sophos and bit.ly - making short links safer

Filed Under: Malware, Spam

bit.ly logo
Here's some good news if you're one of the millions of people who have come to depend upon shortened urls in your day-to-day life.

bit.ly, isn't just the default link shortening service used by Twitter, it's also widely used on other social networking sites and communications as a handy way to shorten a link.

For instance, bit.ly will convert a link such as:

http://www.sophos.com/pressoffice/news/articles/2009/11/bit.ly-agreement.html

to the much more manageable:

http://bit.ly/8JYaoV

Today, bit.ly announced that it was partnering with Sophos (and our friends at Verisign and WebSense) to offer additional protection to users clicking on short bit.ly links to defend against the possibility of them visiting a webpage created by spammers or phishers, or infected with malware.

Cybercrime on social networks

And that's important, because our research shows that spam, malware and phishing is far from uncommon on social networks.

bit.ly already does some great work filtering links to see if they might be malicious or objectionable, and provides the ability the users to preview the final destination of the link by adding a "+" to the end of any bit.ly URL, but partnering with security vendors such as Sophos should offer an even higher level of protection in future.

Malicious tweet spread via Guy Kawasaki's Twitter account

Of course, it shouldn't be forgotten that bit.ly is just one of many URL-shortening services out there - and I'm not aware of any which are currently working as hard to fight the bad guys as bit.ly are. It's possible that the cybercriminals might switch their focus to other less well-known URL shorteners when planting traps for unwary users - so now is not the time to let your guard down.

You can read the corporate propaganda from our PR folks about the partnership here.

, , , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.