Shortened URLs Are the Latest Spam Scourge

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Shortened URLs included in garden-variety emails and tweets are harder for antivirus and antispam applications to weed out, giving hackers another lucrative avenue to spread spam quickly and with much greater efficiency.

That's the word from security software vendor Symantec (NASDAQ: SYMC), which dedicated most of its July MessageLabs Intelligence report to the pesky shortened URLs that are pretty much a prerequisite for quickly sharing links to stories, tweets and images on Twitter and other microblogging services.

Symantec's report found that shortened-hyperlink spam hit a one-day peak of 18 percent of all spam emails on April 30, a total of more than 23.4 billion messages in one 24-hour period.

More troubling, Symantec security experts said, is the recent trend showing that shortened, spam-laden URLs are becoming as much a fabric of the spam culture as come-ons from Nigerian royalty and shady pharmaceutical dispensaries.

In the second quarter of last year, Symantec found that there was one day out of the three-month span during which shortened hyperlinks appeared in more than 1 in 200 spam messages. This year, however, there were 43 days when shortened URLs with spam accounted for 0.5 percent of all spam traffic and 10 days when the total surged to more than 5 percent of all spam messages.

"As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited," Paul Wood, a senior analyst at Symantec's MessageLabs, said in the report.

"When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional antispam filters to identify the messages as spam based on the reputation of the domains found in the spam emails," he added.

This alarming influx of shortened URLs containing spam and malware was to be expected, security experts say, as more and more people embrace Twitter, its messages' 140-character limit and the short URLs they often necessitate. And now that these shortened URLs with legitimate-looking domains are now being disseminated by botnets, the spammers are increasing their infection rate and generating lots of ill-gotten revenue.

Symantec's surveillance revealed that the infamous Storm botnet, which reemerged in May, is the main source of malicious shortened URLs, accounting for some 11.8 percent of spam in the category.

"While botnets are often the source of short URL spam, 28 percent of this type of spam originated from sources not linked to a known botnet, such as unidentified spam-sending botnets or non-botnet sources, such as webmail accounts created using CAPTCHA-breaking tools," Wood added.

The report discovered that that on average, one website visit is generated for every 74,000 spam emails containing a shortened URL link and the most frequently visited shortened links from spam received more than 63,000 website visits.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.