URL Shorteners Being Used By Spammers To Lure Users

Scammers are now reportedly using URL shortening services, prominently being used by Twitter users, to intrude into computers by masking websites containing malware through these shortened links.

A study from a security-as-a-service company MessageLabs, part of computer security giant Symantec, discovered a notable surge in the URL shortening scams last month, after being comparatively non functioning in April and May, and now accounting for 2 percent, or 3 billion messages, of all spam mails.

Shortened URLs, from various services such as Bit.ly and TinyURL.com, enable spammers to mask users' real web addresses and are preferred to be used on social networking platforms such as Twitter, where length of a message limit to 140 characters.

URL shortening services don't usually require users for any sort of registration, thereby making it easier for scammers to launch spam attacks without actually necessitating them to go through Captcha code, a distorted word puzzle, to hide the domain names.

Paul Wood, an analyst with MessageLabs, pointed out Donbot, a major botnet, as the probable culprit behind the recent hike in these attacks, since the botnet is known for installing malware on victim's computer, usually via display advertising.

Quoting the same, Wood said: “Donbot, the botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits for using this technique”.

and join more than 1650 other followers.

Our Comments

Twitter is the major reason why the number of URL Shorteners has exploded in the past few months. Tiny URL already has more than 275 million URLs in its database and generates more than two billion hits a month.

Related Links

Short URLs in spam skyrocket

(The Register)

Shortened URLs scams spike in June

(Brand Republic)

Twitter-style short URL spamming skyrockets

(IT Pro)

Spammers step up use of shortened URLs


Spammers using shortened URLs to spread their muck

(Tech Digest)

Symantec Finds Spammers Abuse Faith in URL Shortening Services