Peter Dinham
Wednesday, 08 July 2009 10:04
Business IT -
Security
There’s been a huge rise in the use of shortened URLs by spammers which poses a greater security threat to Internet users, including those accessing popular social network sites like Twitter.
Symantec – owned MessageLabs, in a report just
released, says the presence of shortened URLs in spam has skyrocketed
over the past few days, rising from almost nothing to over two percent
of all spam in the last week of June.
So, why is a shortened URL in a spam email so much of a threat? Well,
as MessageLabs warns, the website in the URL you’re directed to may
not, in fact, be what you think it is, and may just be a trick to lead
you right into trouble. The shortened URL, it seems, allows spammers to
hide the real web address they’re sending you to.
MessageLabs’ Paul Wood says there are literally dozens of websites that
offer URL shortening services and spammers have realised that using
these services “eliminates the need to solve a CAPTCHA or register an
account.”
Wood also says that, with many social networking sites providing
character restrictions on status updates and messages, the use of free
URL redirection services which turn lengthy web addresses into
shortened URLs is increasing in popularity with spammers for multiple
reasons.
He points out, for instance, that the newly shortened URLs help
cybercriminals disguise the true destination of where their victims
will click through to, posing further risks of entering websites used
to conducting drive-by malware attacks as well as spam.
“Donbot, the botnet responsible for sending approximately five billion
spam messages every day, is one of the main culprits for using this
technique. Links of any size all need to be treated with caution,”
warns Wood.