Twitter takes action on spammers and scammers

Twitter is to start scanning all tweets from today in a bid to identify links to sites which may cause harm to users.

The scanning system is similar to those used by services such as Gmail, and will automatically check link destinations. Links embedded in personal messages will be routed through Twt.tl, Twitter's own URL compressor, for added safety.

"Today we are launching a new service to protect users that strikes a major blow against phishing and other deceitful attacks," said Del Harvey, director of Twitter's trust and safety team, in a blog post.

"By routing all links submitted to Twitter through this new service, we can detect, intercept and prevent the spread of bad links across all of Twitter.

"Even if a bad link is already sent out in an email notification and somebody clicks on it, we will be able keep that user safe."

The service will be rolled out initially on direct messages, Harvey said, since these are the most likely to be used for phishing and other scams. Such messages are usually sent when a Twitter account is compromised by malware distributors.

A URL scanning service for social media sites was widely discussed at this year's RSA 2010 conference. Security professionals are becoming concerned at the increasing volume of malware attacks on social media sites, which seek to capitalise on the trusted nature of such communications.

"Phishing attacks directed against Twitter are not new. Peers within a social network have a greater level of trust among themselves," said Sean Sullivan, a security advisor at F-Secure.

"The recent attacks could have something to do with some of the recent search engine deals that have been made. The bad guys can use social networking trust to enhance their search engine optimisation attacks."