Cybercriminals Use URL Shortening Services to Send Spam
According to security researchers at the German antivirus firm 'Avira,' cybercriminals are progressively exploiting URL shortening services to spread malware. As per the data collected by the company, the most exploited URL shortner website, in terms of phishing attacks is tinyurl.com. The website was launched in 2002 and since then, a total of 41.30% phishing attacks have been linked with this service.
Until 2009, tinyurl.com was the service of choice for Twitter users, but later on, the micro blogging website replaced it as its default shortner with Bit.ly. Since then, Bit.ly has become the second most exploited URL shortening service abused by the cybercriminals. According to Avira, an approximate of 15.29% of phishing attacks are associated with this website, placing it at the second rank.
r2me.com is at the third slot with a rate of 12.04%. The remaining top ten positions are occupied by the following URL shortening services, Snipurl.com (7.16%), lu.mu (6.50%), doiop.com (4.52%), notlong.com (3.55%), is.gd (1.93%), tiny.cc (1.81%), and sn.im (1.69%)
Further, Avira stated that in terms of URLs pointing to malware, the facts and figures were quite different. Both malware distributors and phishers don't have the same taste, when it comes to the URL shortners.
The firm comments that despite so many URL shortening services available, very few are frequently used. Actually, in terms of malware, there is no clear difference between the top three slots. The most exploited URL shortening service is k.im (27.87%), which is closely followed by notlong.com (27.05%) and tinyurl.com (18.85%).
In addition to the above three mentioned URL shortening services, the other services exploited by the cybercriminals to spread malware are - cli.gs (7.38%), bit.ly (7.38%), doiop.com (4.10%), ad.ag (2.46%), is.gd (1.64%), tr.im (0.82%), and snipurl.com (0.82%), ranked at the fourth, fifth, sixth, seventh, eighth, ninth and tenth positions respectively, as reported by Avira.
Sorin Mustaca, Manager of International Software Development at Avira, stated that these services usually had terms and conditions [...]. Nobody seemed to bother about these terms, in view of the amount of shortened URLs abused in illegal activities. At least some of these URL shortening websites, through specialized services, had started sorting out all the shortened links. On the whole, it was witnessed that more and more SPAM exploiting URL shortening services, as reported by softepedia on July 19, 2010.
Related article: Cheburgen.a: A New Email Worm
» SPAMfighter News - 30-07-2010