url_malware

description

Check the TSN's profile URL attribute to see whether it points to a known (to TWASE) malware site.

purpose

It has been observed that Twitter accounts set up with the sole intention of attracting users to malware sites have utilised the profile URL field to include a link to a site containing malicious software.

grading

GRADE | 1 | 2 | 3 | 4 | 5
DESC | URL not set or is not a Malware site | n/a | n/a | n/a | URL is a Malware site

Due to the nature of the attribute being examined, this module returns a Grade of 1 or 5 - there is no granularity between Grades 2-4.

If the profile URL is not set, or is not listed in TWASE's malware site database, the returned Grade is 1. Should the profile URL match a malware site in the TWASE database, the returned Grade is 5.

example

The following output pertains to a TSN that has a known malware site as their profile URL:

<url_malware> 
	<date>1266681698</date> 
	<exec_time>8</exec_time> 
	<raw_data> 
		<url_set>true</url_set> 
		<ok_domain></ok_domain> 
		<malware_domain>malware.tld</malware_domain> 
	</raw_data> 
	<result>5</result> 
</url_malware> 

Here, we have a TSN with a profile URL that is not a known malware site:

<url_malware> 
	<date>1266682753</date> 
	<exec_time>72</exec_time> 
	<raw_data> 
		<url_set>true</url_set> 
		<ok_domain>barackobama.com</ok_domain> 
		<malware_domain></malware_domain> 
	</raw_data> 
	<result>1</result> 
</url_malware> 

data

TWASE keeps a database of known malicious sites that is frequently updated from a number of reference sources and currently contains information on approximately 25,000 malware sites.

notes

Due to the possibility that a profile URL might be a short URL (generated from a service such as bit.ly), our API server will need to 'follow' this address to its final destination before determining whether the end location reached is a malware site or not.

Because the API server needs to reach out to external (to TWASE) sites, the additional network latency associated with this will increase the overall API call execution time.
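
The check described in these notes, as an added example (not TWASE's own code): a short URL is followed hop by hop with a redirect cap and loop detection, and the host finally reached is graded 1 or 5 against the malware list. The redirect table, the `MAX_HOPS` limit, the subdomain matching and all function names are assumptions for illustration; the sample data is constructed.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumption: cap on how many redirects are followed

# Constructed sample data standing in for the malware database and for the
# Location headers a real HTTP client would read from each hop.
MALWARE_DOMAINS = {"malware.tld"}
REDIRECTS = {
    "http://bit.ly/abc": "http://malware.tld/landing",
    "http://bit.ly/loop1": "http://bit.ly/loop2",
    "http://bit.ly/loop2": "http://bit.ly/loop1",
}

def constructed_fetch(url):
    """Return the redirect target for url, or None if it does not redirect."""
    return REDIRECTS.get(url)

def resolve(url, fetch, max_hops=MAX_HOPS):
    """Follow redirects; stop at the final URL, on a loop, or at the hop cap."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:          # redirect loop: stop rather than spin
            break
        seen.add(url)
        target = fetch(url)
        if target is None:       # no further redirect: final destination
            break
        url = urljoin(url, target)  # Location may be relative
    return url

def is_listed(host, blocklist):
    """Assumption: a listed domain also covers its subdomains."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def grade_profile_url(url, fetch=constructed_fetch, blocklist=MALWARE_DOMAINS):
    """Return (grade, raw_data) using the field names from the module output."""
    raw = {"url_set": bool(url), "ok_domain": "", "malware_domain": ""}
    if not url:
        return 1, raw
    if "://" not in url:         # handle a URL entered without a scheme
        url = "http://" + url
    host = (urlsplit(resolve(url, fetch)).hostname or "").lower().rstrip(".")
    if is_listed(host, blocklist):
        raw["malware_domain"] = host
        return 5, raw
    raw["ok_domain"] = host
    return 1, raw
```

In a live deployment `fetch` would issue the HTTP request with a timeout and without rendering the response body, since every hop is an outbound connection to an untrusted site.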

 
module/url_malware.txt · Last modified: 2010/02/28 10:51 by james