Spammers have created their own services to shorten URLs (uniform resource locators) in an apparent attempt to circumvent security measures in place at well-known shortening Web sites, according to Symantec.
So far, some 87 URL shortening sites have been set up by spammers, said Nick Johnston, a senior software engineer at Symantec. The spammers have used an open-source URL shortening script and have not built the code themselves. The shortened links are only appearing in spam emails that advertise pharmaceutical products at sites such as “Pharmacy Express,” he said.
In May, Symantec noticed some spammers were using their own shortened URLs, but further investigation showed it was actually just a Web site that appeared to be a shortened URL but then redirected people to the spam Web sites. This is the first time the spammers have employed a real URL shortener, Symantec said in its latest intelligence report for October. Why the sites have been left public is unknown.
All of the Web sites that are advertised in the spam runs, which are on several different IP addresses, are hosted by a U.K. division of a hosting company, which Johnston declined to identify. The company has been notified, but many of the spam sites are still online, he said. All of the domain names were registered in Russia, he said.
Shortened URLs are a bit of a problem when they’re abused since users can’t easily tell if they are being redirected to a Web site that might try to infect their computer with malicious software.
The shorter URLs are necessary on sites such as Twitter, when users need the space because of the 140-character limit. To combat abuse, Twitter has introduced its own shortening service, which checks to see if the target is a potentially dangerous Web site and listed on security blacklists. It also changed the way the shortened links are displayed to give users a better idea of where they are going.Post to Twitter Post to Facebook Share on LinkedIn Share on LinkedIn Share with Google+