Symantec: Spammers Creating Fake URL-Shortening Services

Update: (6/9/2011, 3:10p MT) - Added comments about defending against fake URL-shortening links.

With the advent of Twitter driving the popularity of URL shortening services like Bit.ly, TinyURL, and goo.gl, it was inevitable that some enterprising spammers would cash in on the trend. According to Symantec, that's exactly what they're doing.

According to Symantec's May 2011 MessageLabs Intelligence Report, spammers are using bogus URL shortening services to redirect users to sites loaded with spam, malware, and other nasty stuff. The new attack method has contributed to rising spam rates, with Symantec's report indicating that 30 percent of emailed malware contained links to nefarious sites, an increase of 16.9 percent since April 2011. Symantec's report also pointed out that "the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8 percent (1 in 1.32 emails)." Some other interesting tidbits from the report: Russia was the most spammed country with a spam rate of 82.2 percent, while Canada, the US, and the UK hovered around 75 percent (75.3%, 76.4%, and 75.4%, respectively).

Chart showing percentage of spam containing shortened URLs. (Image courtesy Symantec)

In a statement announcing the news, Symantec MessageLabs Intelligence Senior Analyst Paul Wood explained the nature of the threats in more detail. "MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," Wood said. "What is unique about the new URL-shortening sites is that the spammers are treating them as ‘stepping stones’ – a link between public URL-shortening services and the spammers’ own sites."

To defend against these threats, Symantec Abuse Desk Analyst Erik Park suggests IT pros could prevent these attacks by "educating their users about such threats" and employing a "comprehensive security suite to detect these emails in the first place." Symantec Senior Software Engineer Nick Johnston also suggested that customers using Symantec MessageLabs Email AntiSpam.cloud would benefit from "proprietary technology [that] effectively blocks URL-shortening spam, while still allowing messages using URL-shortening for legitimate purposes."

Does this latest security news make you reconsider using URL shortening services? Let me know what you think by adding a comment to this blog post or by starting up a conversation on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content: