Spammers Start Their Own URL-Shortening Services

By Chris Talbot  |  Print this article Print

You'd better think twice before you click on that shortened URL. Spammers are now setting up their own URL-shortening services to lure unsuspecting end users to malware and spam sites.

Spammers have upped the game of fooling end users by establishing their own fake URL-shortening services, according to a new report from Symantec.

The dangers of clicking on unknown shortened URLs are higher now according to Symantec’s May 2011 MessageLabs Intelligence Report. The report found that spammers have set up their own fake URL-shortening services to trick unsuspecting Internet users into clicking on the link and being directed to the spammer’s site, which could contain spam advertising or malware. The Symantec report noted an increase in spam by 2.9 percentage points because of this new method of spamming.

Symantec predicted this scheme in its Annual Security Predictions for 2011 report.

"I do think it’s a problem, but I wouldn’t call it an enormous problem because the potential audience for shortened URLs, it seems to me, is relatively small, but I think it’s something people need to keep an eye on," said Charles King, principal analyst at Pund-IT. "What I think it’s going to do is increase the currency and the value of established URL shortening services like TinyURL and so on, and cause almost any new addition to that market to be somewhat suspect until they become established."

MessageLabs has monitored spammers’ use of shortened URLs for years, and it was only a matter of time before this new spamming technique emerged, said Paul Wood, senior analyst at Symantec.cloud.

"What is unique about the new URL-shortening sites is that the spammers are treating them as stepping stones – a link between public URL-shortening services and the spammers’ own sites," Wood said.

Many of these fake URL-shortening services were registered several months ahead of launch, which Symantec believes may have been intentional to evade detection by legitimate URL-shortening services.

Unfortunately for end-users, there’s no easy way to avoid being taken in by URL-shortening spam, whether it comes from a legit site or a spam site, King said. Although TinyURL offers a preview function on its website so users can see what a TinyURL-shortened site leads to, only a few legitimate URL-shortening sites offer such a service. For the most part, people have no way to know where a shortened URL will lead until they click on it.

Wood offered some advice to stay as safe as possible.

"People should always avoid clicking on links in email, even if from a trusted source. Also, consider the content of the email first and whether you are expecting something from the sender," Wood said. "You may also contact the sender and ask them if it’s a valid link, which will also help them understand if their system is compromised and finally, make sure you have current AV and web security in place."

The latest MessageLabs Intelligence report found that the global ratio of spam in email traffic grew 2.9 percentage points from April to May to 75.8 percent (in other words, one in 1.32 emails are spam). Email-borne viruses actually decreased by 0.143 percentage points from April to 0.45 percent of all emails (one in every 222.3 emails). Email-based phishing attacks also decreased slightly at 0.06 percentage points to 0.349 percent (or one in 286.7 emails).

Web security analysis showed that about 3,142 websites were harboring malware, spyware and adware, which was an increase of 30.4 percent from April.

Russia also achieved the dubious honor of being the most spammed country in the world in May. In fact, 82.2 percent of all emails in Russia were spam. In comparison, the United States was a little further down the list at 76.4 percent of all emails being spam.

Symantec also measured the amount of spam being sent to verticals. Those working in the wholesale sector were hit the hardest in May (80.2 percent of their received emails were spam), but others also experienced some fairly hefty spam traffic – education at 77.4 percent, chemicals and pharmaceuticals at 76 percent, IT services at 75.4 percent, retail at 75.4 percent, public sector at 74.5 percent, and finance at 74.7 percent. When it came to getting hit with malware, though, the public sector was the most adversely affected, with one in 28.9 emails being blocked because of infection.