Users snared in URL shortening quagmire

By

URL shorteners exploit redirection to aid phishing attacks.

URL shortening has led to an increase in spam by almost 3 per cent in May, according to research.

Users snared in URL shortening quagmire

This includes 'fake URL redirection' where spammers establish phoney URL-shortening services to perform redirection.

According to the MessageLabs Intelligence Report, shortened links created on fake URL-shortening sites are not included directly in spam messages.

Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. The shortened URLs lead to another shortened URL on the spammer's fake URL-shortening website, which in turn redirects to the spammer's own website.

Symantec also detected that the new domains were registered several months before they were used, potentially as a means to evade detection by legitimate URL-shortening services.

 “We have been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques, so it was only a matter of time before a new technique appeared,” MessageLabs Intelligence senior analyst Paul Wood said.

“What is unique about the new URL-shortening sites is that the spammers are treating them as ‘stepping stones', a link between public URL-shortening services and the spammers' own sites”.

The report also found some 3142 websites each day harboured malware, an increase of 30.4 per cent since April, while 36.8 per cent of malicious domains blocked were new in May, an increase of 3.8 per cent since April.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?