Spammers
have upped the game of fooling end users by establishing their own fake
URL-shortening services, according to a new report from Symantec.
The
dangers of clicking on unknown shortened URLs are higher now according to Symantec’s May 2011 MessageLabs
Intelligence Report. The report found that spammers have set up their own fake
URL-shortening services to trick unsuspecting Internet users into clicking on
the link and being directed to the spammer’s site, which could contain spam
advertising or malware. The Symantec report noted an increase in spam by 2.9
percentage points because of this new method of spamming.
Symantec
predicted this scheme in its Annual Security Predictions for 2011 report.
“I
do think it’s a problem, but I wouldn’t call it an enormous problem because the
potential audience for shortened URLs, it seems to me, is relatively small, but
I think it’s something people need to keep an eye on,” said Charles King,
principal analyst at Pund-IT. “What I think it’s going to do is increase the
currency and the value of established URL shortening services like TinyURL and
so on, and cause almost any new addition to that market to be somewhat suspect
until they become established.”
MessageLabs
has monitored spammers’ use of shortened URLs for years, and it was only a
matter of time before this new spamming technique emerged, said Paul Wood, senior
analyst at Symantec.cloud.
“What
is unique about the new URL-shortening sites is that the spammers are treating
them as stepping stones – a link between public URL-shortening services and the
spammers’ own sites,” Wood said.
Many
of these fake URL-shortening services were registered several months ahead of
launch, which Symantec believes may have been intentional to evade detection by
legitimate URL-shortening services.
Unfortunately
for end-users, there’s no easy way to avoid being taken in by URL-shortening
spam, whether it comes from a legit site or a spam site, King said. Although
TinyURL offers a preview function on its website so users can see what a
TinyURL-shortened site leads to, only a few legitimate URL-shortening sites
offer such a service. For the most part, people have no way to know where a
shortened URL will lead until they click on it.
Wood
offered some advice to stay as safe as possible.
“People
should always avoid clicking on links in email, even if from a trusted source.
Also, consider the content of the email first and whether you are expecting
something from the sender,” Wood said. “You may also contact the sender and ask
them if it’s a valid link, which will also help them understand if their system
is compromised and finally, make sure you have current AV and web security in
place.”
The
latest MessageLabs Intelligence report found that the global ratio of spam in
email traffic grew 2.9 percentage points from April to May to 75.8 percent (in
other words, one in 1.32 emails are spam). Email-borne viruses actually
decreased by 0.143 percentage points from April to 0.45 percent of all emails
(one in every 222.3 emails). Email-based phishing attacks also decreased
slightly at 0.06 percentage points to 0.349 percent (or one in 286.7 emails).
Web
security analysis showed that about 3,142 websites were harboring malware,
spyware and adware, which was an increase of 30.4 percent from April.
Russia
also achieved the dubious honor of being the most spammed country in the world
in May. In fact, 82.2 percent of all emails in Russia were spam. In comparison,
the United States was a little further down the list at 76.4 percent of all
emails being spam.
Symantec
also measured the amount of spam being sent to verticals. Those working in the
wholesale sector were hit the hardest in May (80.2 percent of their received
emails were spam), but others also experienced some fairly hefty spam traffic –
education at 77.4 percent, chemicals and pharmaceuticals at 76 percent, IT
services at 75.4 percent, retail at 75.4 percent, public sector at 74.5
percent, and finance at 74.7 percent. When it came to getting hit with malware,
though, the public sector was the most adversely affected, with one in 28.9
emails being blocked because of infection.