Phishers Using TinyURL to Divert Users to Malicious Sites
According to security company Trend Micro, phishing fraudsters are exploiting the TinyURL service to keep malicious websites from being noticed by unsuspecting users. TinyURL is a web service that creates short aliases which redirect to lengthy URLs.
In a spam email sample discovered by Joey Costoya, Advanced Threats Researcher at Trend Micro, the malicious link was intentionally made long so that the TinyURL feature could be used to hide the phishing website.
This website, according to Trend Micro, spoofed Liberty Reserve, a company that offers online payment services. Although the embedded link appeared authentic, it was in fact a TinyURL that led to an infected web page. When unsuspecting users entered their login information, cyber criminals quickly stole it.
According to Trend Micro's Technical Communications Spokesman, Jake Soriano, the advantage of TinyURL for cyber criminals is that the true destination of their spam link stays hidden from users until they unknowingly land on the phishing site itself, as reported by SCMagazine on February 5, 2009.
Jake added that recipients on the phishing site might subsequently be duped into following URLs that are spoofed as shortened versions of the entity the spammer selects as his target. Also, according to Jake, the TinyURL technique helps spammers evade filters.
Meanwhile, the Malicious Code Research Center of Finjan agrees with Trend Micro's observation about the abuse of the TinyURL function. Security researchers at Finjan reported that cyber criminals were turning to the TinyURL technique to avoid the Safe Browsing mechanisms of today's web browsers, such as Google's Chrome and Mozilla's Firefox, which flag the criminals' websites as unsafe.
Further, security researchers said that TinyURL is not the only utility being exploited in this manner. Other URL-shortening utilities such as is.gd, bit.ly, and w3t.org are also used by spammers. Interestingly, the same spammers abusing TinyURL are also using bit.ly.
Meanwhile, as a best practice, security experts advise users to first replace tinyurl.com with preview.tinyurl.com in a shortened link to obtain a preview of the link before actually visiting the page.
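The following Python sketch is an added example, not code from Trend Micro, Finjan or SPAMfighter. It audits an HTML mail body for links whose href points at one of the shorteners named above, reports when the visible link text shows a different host, and applies the preview.tinyurl.com rewrite. The sample mail body, its hosts and its short codes are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

SHORTENERS = {"tinyurl.com", "is.gd", "bit.ly", "w3t.org"}  # hosts named in the article
def _split(url):  # assume http:// when the scheme is missing
    return urlsplit(url if "://" in url else "http://" + url)

def host_of(url):
    host = (_split(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host  # ignore leading www.

def preview_url(url):
    """tinyurl.com link -> preview.tinyurl.com form; None for other hosts."""
    if host_of(url) != "tinyurl.com":
        return None
    p = _split(url)
    return urlunsplit((p.scheme, "preview.tinyurl.com", p.path, p.query, ""))

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html_body):
    """Report shortener links; text counts as a URL only if it looks like one."""
    parser = LinkAudit()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        if host_of(href) in SHORTENERS:
            shown = host_of(text) if "." in text and " " not in text else ""
            findings.append({"href": href, "shown_host": shown, "preview": preview_url(href),
                             "mismatch": bool(shown) and shown != host_of(href)})
    return findings

# Constructed sample mail body; hosts and short codes are placeholders.
SAMPLE = ('<a href="http://tinyurl.com/EXAMPLE1">https://www.payments.example/login</a> '
          '<a href="http://bit.ly/EXAMPLE2">click here</a> '
          '<a href="https://news.example/story">news.example/story</a>')
```

Calling `audit(SAMPLE)` returns two findings: the TinyURL link, marked as a mismatch with its preview form, and the bit.ly link, which has no preview rewrite and no URL-like text to compare.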
» SPAMfighter News - 24-02-2009