Symantec: Spammers Creating Fake URL Shorteners

Wednesday, May 25, 2011



According to Symantec's May 2011 Intelligence Report, the MessageLabs Intelligence team has found evidence that spammers have now begun creating fake URL shortening services to lure unsuspecting surfers to malicious sites.

Though spammers have used legitimate URL shorteners to disguise link destinations for some time, this is the first time that security researchers have documented the development of faux shortening services.

"Shortened links created on these fake URL-shortening sites are not included directly in spam messages; instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. Rather than leading directly to the spammer’s final Web site, these links actually point to a shortened URL on the spammer’s fake URL-shortening Web site, which in turn redirects to the spammer’s final Web site," the report states.

The addition of the fake URL shortening services adds an entirely new level of sophistication to the often elaborate methods spammers employ to mask their operations and keep a steady stream of traffic directed to their websites.

"The MessageLabs Intelligence team has been monitoring how spammers abuse URL-shortening services for several years, and have observed spammers using a wide range of these services, often creating thousands of links in a very short period of time on a single site. Using the aforementioned method of establishing their own Web sites, spammers also often create elaborate 'chains' where one short URL points to another URL from a different URL-shortening site. This is sometimes repeated more than ten times before arriving at the spammer's site," the report continues.

These developments deal yet another blow to legitimate URL shorteners who have been combating abuse of the services by criminal networks for the distribution of spam and malware.

“With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption. However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them,” said a MessageLabs Intelligence Senior Analyst.

Other May 2011 Intelligence Report highlights include:

  • Spam – 75.8% in May (an increase of 2.9 percentage points since April 2011)
  • Viruses – One in 222.3 emails in May contained malware (a decrease of 0.14 percentage points since April 2011)
  • Phishing – One in 286.7 emails comprised a phishing attack (a decrease of 0.06 percentage points since April 2011)
  • Malicious web sites – 3,170 web sites blocked per day (an increase of 30.4% since April 2011)
  • 36.8% of all malicious domains blocked were new in May (an increase of 3.8 percentage points since April 2011)
  • 24.6% of all web-based malware blocked was new in May (an increase of 2.1 percentage points since April 2011)

 The full report can be accessed HERE.

Possibly Related Articles:
SPAM Symantec internet Headlines report Security Threats URL Shortener MessageLabs
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.