MessageLabs – Spammers Aggressively Using Short URLs in E-mails

MessageLabs, an e-mail security provider, said on July 7, 2009 that it had witnessed a striking rise in the amount of spam mails consisting of truncated web addresses, another proof of the rising danger from shortened URLs.

The security provider also informs that the shortened URLs, which enable hackers to conceal authentic web addresses from web surfers and frequently used on social-networking websites such as Twitter where the length of message character is limited, stupendously increased in the first week of July 2009, and now come in 2% of total spam blocked in the spam trap of the firm.

Matt Sergeant, Senior anti-spam Technologist, MessageLabs, states that when this kind of spam or e-mail rises, it shows that a spammer has discovered some ways of automating the designing of these short URLs, as reported by CNETNEWS on July 7, 2009.

Matt Sergeant also stated that numerous URL shortening services made it more convenient for spammers to post long URLs on websites such as Twitter, but they also made it simple for hackers to lead web surfers to malware hosting websites.

Sergeant further added that an important spam botnet known as "Donbot" had been aggressively using this method. He also informed that "Donbot" seemed to be chiefly focused on showing ads, but could be associated to sites that leave malware on visitors' systems.

Symantec researchers said the new shortened URLs also aid attackers to mask the authentic destination where the users will click on them, creating more risks of entering websites which conduct drive-by-malware attacks and spam. Donbot is chiefly accountable for sending around five billion spam mails daily, and is one of the main botnets using this method. Links of any size should be treated carefully.

As per security experts, hackers have long resorted to redirecting methods to disguise their URLs. But the URL shortening services (which do not ask for registration and are free) save them from having to register for a redirect website. In few cases, they (services) solve a distorted word puzzle (generally known as CAPTCHA) to mask their domain name.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 7/24/2009