Experiment 4: Did you check the link for malware?

Experiment conducted on Facebook and Twitter reveals that 97% of respondents will go ahead and click any link shared on their social platform without first checking it for malware.


News. Accidents, paranormal activities, scientific discoveries, security problems, predictions, wars, sink or black holes. What is the most interesting subject? And where can I read about all of them? That’s right: on the Internet. How about a selection of what’s really hot, then? We’ve got people with the same interests sharing links to all of these topics on social networks. But we’ve all also got cybercriminals exploiting human curiosity and sending infected content under the guise of these hot topics.

I set up this experiment in order to find out to what extent people observe the rule of checking the links provided to them on a social network to see if they lead to malware or not.

Setting the scene

Two well known social networks were used for this experiment. I set up an attractive, but “normal” test-profile: a 30 year old lady working in the advertising industry. A landscape picture was used for the profile so as not to influence the respondents.

The experiment itself

The experiment itself had two distinct parts: the first one was dedicated to the expansion of the test-user’s social “circle”, and it took 3 weeks; the second part aimed to test the social network users’ habits and it lasted 1 week.

In the first 3 weeks a simple algorithm was used: every day, I posted 3 shortened links related to interesting subjects: scientific discoveries, accidents, security problems, showbiz news. All were accompanied by a kind request: “if the link doesn’t work, please tell me in order to use another link shortening system”. All the users who wanted to “join my club” were welcome. I also posted 3-5 messages a day in order to properly communicate with my interlocutors.

In the 4th week, having secured my readers’ trust, I started with another algorithm: every day, I chose 3 URLs leading to webpages infected with malware, I introduced them into a shortened-link service, and, I modified just of one the letters in the newly generated link in order to make it unavailable, and, of course, inoffensive. Just as I had done during the first 3 weeks, I posted all of these malformed links together with the usual request: “if the link doesn’t work, please tell me in order to use another link shortening system”. In this way, I could check the minimum number of users accessing the respective link.

Whenever I received a “could not access the page” response from my interlocutors, I answered as follows: “sorry, did you try to check the link to see if it is infected? The link was safe, but maybe your antivirus system blocked it. Try this link, it’s the same story”.  The second link provided was a normal, “clean” link.


In the first 3 weeks, the test profile managed to include in its social network 1,928 users from 2 very well known social networks.

The results that follow refer to the last week only, when the so-called “infected” links were sent.

As it was expected, the results showed that some topics are more attractive for the users than the others.

The pieces of news related to accidents were the most accessed ones: at least 38% of users clicked the links related to this topic. 33% of the respondents showed interest in the showbiz news, 21% were eager to read about security, while 15% of them wanted to find out information about scientific discoveries.

 There remained the question of whether users check the links for malware before accessing them, 97% users answered that they didn’t run such a check, and that they actually went ahead and clicked the links when they were first posted.


Time is money, but you will lose more time disinfecting your system than you would checking an interesting link that you received.

No private information or other content arising or deriving from this inquiry has been collected. No data or confidential information pertaining to individuals or companies was or will be disclosed, used for any other purposes or against the persons who revealed it.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.