Discussing Malicious Website URLs

Discussing Malicious Website URLs On Twitter

Introduction

I have recently come across an issue where good people wish to convey information about malicious websites to everyone. They’re doing very good work tying to keep us all safe and informed by discussing malicious website URLs (Universal Resource Locators), particularly on Twitter. Unfortunately Twitter creates a link in the text to anything looking like a URL. This means malicious websites that are mentioned by their URLs are given links allowing readers to accidentally go to them.

I’m not in favour of opening this door to malicious sites. I think it should be kept shut by not referring to a malicious site’s URL in the text of a tweet. It can instead be written as text within an image uploaded to Twitter. Then the image can be referred to from within the text. That way a link to the malicious site won’t be created since Twitter doesn’t discern text within an image.

What Happens When Discussing Malicious Website URLs

People obviously need to discuss the malicious sites they are concerned about and often add a link to take readers to a post explaining the problem in detail. Such a link is OK since it won’t take anyone directly to the malicious site.

Unfortunately they sometimes write the malicious site’s URL in the text of the tweet to say what site they are discussing. The malicious site’s URL is then seen by Twitter and converted into a hyperlink within the text. Readers can then accidentally click on this link and find themselves at the malicious site. I presume they would not want to do that and would prefer there to be no link.

When that tweet is then read directly on https://twitter.com/ the link to the malicious site can be seen and avoided even though it is linked to the malicious site and could be selected. Here is an example of such a tweet as it would appear on the Twitter website:

A different situation is presented for others, such as myself, who use the application ‘Tweetz Desktop’ on Windows computers. This app shows all links as [link] (in blue text) without saying directly where it goes. However the linked to site’s name is indicated indirectly in a label attached to the pointer as long as the app has focus and the pointer points to the link. Readers can then choose to select or avoid it. Unfortunately if they act too quickly, and fail to read the pointer label before selecting it, they will be there at the malicious site before they know it. A dangerous position for them to get into.

Here is an example of a tweet posted by Helpful Colin (with a dark red background) shown on Tweetz, as seen on a PC screen:

The first (unsafe) [link] is the one that points to the malicious website. The second (safe) [link] points to a post describing the problem with the site.

Keeping Readers Safe When Discussing Malicious Website URLs

To keep readers safe when discussing malicious website URLs on Twitter writers would do well by not mentioning the bad website directly in the text.

One way would be to refer to the example site ‘www.badwebsite.com’ (18 characters) as ‘www dot badwebsite dot com’ (26 characters).

However the writer then has to face the 280 (previously 140) character limit of tweets sooner since it takes 8 more characters to write about such a site.

Example of a Tweet with the Malicious Website mentioned in an image

My solution is to present the malicious website URL in an image on twitter which can be read by the reader but not by twitter. So it doesn’t get turned into a link. The image can then be referred to from within the text, e.g. ‘Be aware there is a new malicious website (see image) which you should all avoid.’ This only uses 11 characters to mention the malicious website compared to 18 or 26 for the two examples mentioned previously.

Here is an example of such a tweet as it would appear on the Twitter website:

Discussing Malicious Website URLs

Using this method Twitter readers can only go to the malicious site by actually typing the URL into their browsers. They can’t even cut and paste it directly.

How To Create An Image For Discussing Malicious Website URLs

Anyone using a Windows PC can create an image containing a malicious website URL by using Microsoft Paint. The Paint application is installed with Windows on Windows computers so no additional applications are required.

The process within Paint is:

  1. Adjust the canvas offered, when starting Paint, to create images for use on Twitter. Set it between: x = 505 pixels by y = 253 pixels minimum and x = 1024 pixels by y = 512 pixels maximum (see below).
    Discussing Malicious Website URLs
  2. Select the Text tool and click on the canvas to open a text box (see below).
    Discussing Malicious Website URLs
  3. Move the text box created to the top left corner of the canvas (see below).
    Discussing Malicious Website URLs
  4. Enlarge the text box to fill the canvas (see below).
    Discussing Malicious Website URLs
  5. Choose a font and set it to 24 pixels (or your choice).
  6. Write your message containing the bad URL (see below).
    Discussing Malicious Website URLs
  7. Centralise the text vertically by entering blank paragraphs before the text (see below).
    Discussing Malicious Website URLs
  8. Use ‘Save as’ on the File menu to save the image as a JPEG file for uploading to twitter. When viewed the image would look like this: 

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.