URL Shortening Services Exploited By Spammers

URL shortening services like TinyUrl have been around for a while now but with the advent of social networking internet_no_celularservices like Twitter which only allow messages of 140 words or less, their popularity has skyrocketed. This past week researchers have discovered that spammers are also taking advantage of the services, using them to mask their spam domains and get their messages past filters. Redirect services are also popular but URL shortening is more attractive because it requires no registration and no CAPTCHA to solve.

While the fake URLS used by phishers can be easily discovered simply by hovering your mouse pointer over them, the same is not true of URL shortening services and is one of their biggest shortcomings. The use of shortened URLs in spam messages has risen from 0 to 2% this week. The DonBot botnet is largely responsible, sending over 5 billion spam messages a day. Much of the spam using shortened URLs advertises weight loss pills and male enhancement products.

While there are new services cropping up that will lengthen shortened URLS without having to click on them, it is still a good idea to avoid clicking on shortened URLs sent to you by anyone you don’t know. Advise your employees to avoid using such services as well. Companies that use URL shortening services make customers and potential customers wonder what they’re hiding!

Written by Sue Walsh

1 Comment

  1. Prevent Phishing by Blocking URL Shortening Services · July 15, 2009

    […] was reported recently that popular URL shortening services are being exploited by spammers to circumvent common spam filters and trick users into following links to malicious web sites.  […]

Leave A Reply