Symantec Warns of Increase in Spam Containing .gov URLs
Spammers are using 1.USA.gov addresses to redirect victims to malicious Web sites.
Symantec researchers report that spammers are increasingly leveraging .gov URLs in spam messages.
"Traditionally, .gov URLs have been restricted to government entities," notes Symantec's Eric Park. "This brings up the question of how spammers are using .gov URLs in spam messages. The answer is on this webpage: '1.USA.gov is the result of a collaboration between USA.gov and bitly.com, the popular URL shortening service. Now, whenever anyone uses bitly to shorten a URL that ends in .gov or .mil, they will receive a short, trustworthy 1.usa.gov URL in return.' While this feature has legitimate uses for government agencies and employees, it has also opened a door for spammers. By using an open-redirect vulnerability, spammers were able to set up a 1.usa.gov URL that leads to a spam website."
"For example, Idaho's Department of Health and Welfare has an open redirect that will send users to a specified URL without first prompting the user," writes ZDNet's Michael Lee. "This means that anyone shortening a URL like http://www.healthandwelfare.idaho.gov/LinkClick.aspx?link=http://www.google.com could create an equivalent 1.USA.gov address for it, including those redirecting to malicious URLs."
"Symantec is reporting that during a one-day period, from Oct. 17 through Oct. 18, the number of 1.USA.gov clicks leading to illegitimate sites increased by more than 10 percent," writes Nextgov's Aliya Sternstein.
"This is a perfect example of why you should never blindly click on a link, even if it appears to be legitimate," writes The Next Web's Emil Protalinski. "If you can help it, only navigate to websites manually, and don’t click on links that are shared with you unless you absolutely know what they are."