AVG has added a feature to its LinkScanner Web security product that scans shortened URLs, which can often blindly lead users into a malicious software attack.
LinkScanner, which AVG launched as a free product in April, performs real-time scanning of Web pages as users browse and blocks those pages that may have been rigged to exploit a software vulnerability.
There are many services that will shorten URLs, which are useful because the micro-blogging site Twitter limits posts to 140 characters or less. But the short URLs pose a particular danger since there’s no way to tell in the browser window where the link leads. Twitter as well as other social networking sites have seen malicious shortened URLs proliferate.
Around August, Twitter began filtering bad URLs using Google’s Safe Browsing API (application programming interface), which enables client applications to check against Google’s blacklist of known bad Web sites.
If someone posts a malicious link, Twitter warns that it leads to a known malware site and deletes the post. But Twitter’s security measure is only as good as the blacklist behind it, and it can take some time before a brand new bad site is added to the list. AVG contends the new LinkScanner feature is more reliable since it tests the link in real time.
LinkScanner is a free download. It’s not the only free product that can scan shortened URLs. In June, security vendor Finjan released a browser add-on called SecureTwitter, which is part of its free SecureBrowsing tool. In addition to Twitter, it scans links in social networking sites such as Bebo, Digg, MySpace and Gmail.