It Doesn't Matter How Many Twitter URLs Are Malware… Only If People Are Clicking

from the misleading-with-stats dept

Security companies love using stats to make something appear to be a bigger problem than it really is. Take for example this claim that links to malware are “abundant” on Twitter. The problem is that this is totally meaningless. Because you only see the tweets of people you follow, if spammers are putting up malware links, it only matters if anyone’s following them and then clicking on the links. The number of links that point to malware alone is meaningless, because one “spammer” could just post a ton of malware links, but that won’t mean a thing if no one is following them. The real question should be how often are people getting malware because of clicks on Twitter. Unfortunately, that data isn’t provided.

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “It Doesn't Matter How Many Twitter URLs Are Malware… Only If People Are Clicking”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Hey, Mike, here’s an idea. Get all your techdirt interns / employees to do nothing but click every link on every twitter feed they follow, and also to check some of the more popular hot topics of the day and click those too. Then see how many machines are infected.

Investigative journalism starts at home, right?

Chronno S. Trigger (profile) says:

Re: Re:

The article is stating that their statistics don’t really matter unless they include how many people fall for those links and you want Mike to double check Kaspersky’s numbers? That’s not investigative reporting, it’s just irrelevant to the article.

As I’ve pointed out before (along with Kaspersky’s numbers contradicting themselves) there are as few as 0.05% of Twitter posts that include links to malware sites (or as much as 13% depending on the paragraph you’re reading). These numbers not only don’t include how many are actually clicked but don’t include the number of clicks that are blocked by anti-malware software.

These numbers are truly worthless and are blown more out of proportion by the company trying to sell you the solution.

Designerfx (profile) says:

well, 2 things here

1: lots of people either have an autofollow bot or follow those who follow you first, common courtesy.

2: sometimes people will look at a user to see who they follow to see if they have others of interest, this potentially leading to bad links.

meanwhile, it’s very very easy to tell a bad link versus a legit twitterer, the bad link twitters are the same as bad ads: make money working from home, etc etc

Jon says:

Re: well, 2 things here

To your first point:

I can’t imagine ever setting Twitter to auto-follow anyone who follows me. In fact, I take it a step further and block followers who are clearly marketers/spammers.

Frankly, I have enough trouble keeping up with the list of people who I *do* want to hear from… I can’t imagine having to wade through remarkable marketing opportunities and clearance-priced ‘Rolecks’ ads as well.

In summation: let’s stop calling auto-follow “common courtesy”. Yes, perhaps it was nice back in the garden of eden days of Twitter, but it’s just going to make it a useless marketing/spamming wasteland.

Newbelius says:

Re: well, 2 things here

The problem really boils down to common sense being so darned uncommon.

In response to your two points:

1: people should not blindly follow others merely out of common courtesy. An autofollow bot (didn’t know they existed) is just plain silly unless you are trying to farm for others to follow. Well, that’s just plain silly too.

If you follow blindly, you are asking for trouble. If Hannibal Lecter (sp?) were to come by uninvited for tea and I give him that tea, fine. If I then go to his place for tea out of common courtesy, it would be my own fault that I am placed on his next menu.

2: I agree, but just like the web as a whole, one must click on links mindfully. I don’t open every email. I don’t click on every link. There are tell-tale signs of inappropriate links. People need to be more cognizant of those signs and act accordingly.

In both cases, common sense should prevail. Unfortunately, although people use common sense in the real world and manage to survive, on the web, people tend to ignore the fact that there are people with malicious intent. Ignorance is never bliss.

Veronica (user link) says:

Re: well, 2 things here

Exactly Designerfx – also, many spammers will lure you by sending you an @ reply with a malware link attached. This is one of their biggest ways of getting you to click. The only way to see what they’re sending you is to click on their profile which will most likely have the same link sent to hundreds of people via their status updates.

Free Capitalist (profile) says:

Not sure what the issue is here, Mike...

I’m not sure why you take issue with the article. As the writer points out, the greatest potential for exposure to the spam-malware is while using the trending tools to explore current topics. Since there are a lot of people I would assume are curious and explore current topics, I would say the article is apropos and a useful bit of cautionary information.

Unnecessary knee-jerk?

Michael (profile) says:

Re: Not sure what the issue is here, Mike...

A valid point (not sure if it is Mike’s – I don’t want to speak for him) is that this is another example of a misleading use of statistics. The article is either written by someone with a fundamental misunderstanding of how Twitter works, or is intentionally misleading.

The number of messages with malware links being sent out on twitter is useless as they have studied it because it does not represent the number of those links that actually get to people. If nobody follows the malware spammer, sending the url a million times increases this stat but is no more damaging than not sending the messages at all.

If you only follow reliable, trusted people on Twitter, I would bet the percentage of malware links you get is zero.

The article is somewhat like counting the number of sharp sticks in the wooded areas of Vermont and then saying that it is dangerous to walk there because it is full of sharp sticks. Great, but since the majority of the population is walking on streets, sidewalks, and their neighbor’s lawn, it tends to be less dangerous than these statistics indicate.

Free Capitalist (profile) says:

Re: Re: Not sure what the issue is here, Mike...

This article did not come off as being intended to generate a panic about Twitter, at least not to me.

I might complain that the article seems more like advertising for Kaspersky, which seems to get a lot of coverage lately.

However, once again, the article seemed to advise caution while using the trending tools to look into hot topics, not so much to stop trusting those you know and follow or to stop using Twitter.

In the end it should be no news to those already using restraint with e-mails and links, the same logic applies on Twitter, as others have pointed out here.

However, there are still plenty of gullible people out there opening malware e-mails, so it follows that an occasional cautionary article about targeted services is appropriate and worthwhile.

I don’t see why the content of this article is any kind of issue at all. And as for the misuse of statistics, I’m still not seeing it in this case.

Chronno S. Trigger (profile) says:

How douse this work?

“As many as one in every 500 web addresses posted on Twitter lead to sites hosting malware”

That’s 1 of 500 or 0.2% of all addresses posted on twitter.

“About 26 percent of Twitter messages contain a URL”

so now it’s 0.05%(?) of all Twitter messages are malware.

“About half of those appear to be generated by spammers or by people with malicious intent, he said.”

And now it’s 13% of all twitter messages are malware?

Note: These three quotes are copied in order from the Wired article’s first four paragraphs.

Math Sucks says:

Re: How does this work?

First one is right. 0.2%

“About 26 percent of Twitter messages contain a URL”

There is no mention that these are links to malware only that they are links… so it is 26% or 260 in every 1000

“About half of those appear to be generated by spammers or by people with malicious intent, he said.”

Again no mention that these are all links to malware so again this is only 13% or roughly 130 in every 1000 messages are from spammers or by people with malicious intent.

However it was initially stated that in 1000 tweets there are 2 posts that are linked to malware. So in every 130 spam posts only 2 of them contain a link to malware.

Roughy 1.5% of the tweets from spammers or by people with malicious intent contain links to malware.

Chronno S. Trigger (profile) says:

Re: Re: How does this work?

No, my math is valid I just mixed in the spammers with the malware in the fourth paragraph.

1 out of 500 URLs point to malware (or .2%) and 26% of all twitter posts have URLs so .2% of 26% is .052%. 13% of all twitters (or half of the 26%) are from spammers or malicious people.

So we have two numbers here, 0.052% of all twitters point to malware and 13% of all twitters have bad URLs.

All these numbers are still kinda worthless without knowing the percentage of people that fall for them.

Yann says:

It's not meaningless...

…and it has not much to do with following or not the malware account.
The malware authors are not counting on people stumbling into their tweets or following them : now instead of giving directly their malware link in the spam they send, they’re giving the link to the tweet with the malware link. People are much more likely to follow a link in a mail or a blog comment to a well-known site such as twitter than to click on a link to, and because twitter is usually not identified as a security risk they’re quite likely to click on the link on the tweet (link wich can be further obfuscated by using a URL shortening service).
Such Twitter links are also a lot more difficult to automatically filter by security systems.

Ryan (profile) says:

I bet a few..

I did a post about this a while ago (linked above) where I explained the frequency at which people auto-re-follow anybody who follows them. Combine that with the tinyurl style links that you don’t know where they go until you click them – and it’s a safe bet that a lot of people are clicking those links.

I did a test. I did a url to, and posted a tweet saying “don’t click this link if you see it, it’s malware” then posted the linnk. Out of my 350 followers, 15 clicked it within 30 seconds of being posted.

Based on all of the above, I bet quite a few people are actually visiting the malware sites – but certainly not as many as security companies claim.

Mike Masnick (profile) says:

Re: Re:

The same logic applies to telephone arbitrage scams. Those companies are only in business because people call their phone numbers.

What? That’s entirely different. Spam and scam links are clicked because people are tricked into it, and it’s dangerous for them. The telephone arbitrage scams have nothing to do with tricking people are doing harm to them.

Fred says:

It is slipping my mind right now, but there is a FF extension that automatically displays the actual URL instead of the shortened one. A simple Google search should pull it up. That said, I don’t think any of the onus here should fall on Twitter. It is impossible for them to prevent people from posting potentially malware hosting links. I mean, the whole thing is pretty much about sharing links with people.. I think using a shortener revealer, running some quality AV and just using common sense should all usurp any initiative Twitter woulod consider..

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...