Spam and Malware Distributed Through Bogus ‘Bitly’ Web-Links

Malwarebytes the security company has warned that cyber-criminals are employing more and more of the copycat Bitly web-links for spreading spam and malware. Bitly, notably, is a well-known URL condensing facility.

During one assault, accounts in YouTube the video sharing online site were seeing exchanging different phony Bitly links, which should have taken onto non-chargeable downloads of video games rather endangered PCs with becoming contaminated with malware.

The web-links that were prefixed as btly[DOT]pw led Web-surfers onto the file sharing site YouTube for downloading and opening free files that, however, revealed to be certain Trojan virus. Once, Web-surfers were even directed for turning off their anti-virus programs in order to install the file.

Again within one more phony Bitly link scam, there was one spam scheme which took recipients onto one bogus British Broadcasting Corporation (BBC) website which promoted dubious dietary supplements such as Garcinia Cambogia.

Since condensed web-links do not provide exact description while may take onto a virus or other malware delivering site, just like within the above instance, it is best to utilize the masked window that when looks safe user can re-open the condensed web-link inside his usual browser, advises specialists.

Therefore, for avoiding the above kind of bogus campaigns from victimizing users, one should exercise caution when opening 'Bitly' links else any other web-link showing a condensed URL that may arrive in his inbox, Malwarebytes suggests.

Meanwhile according to Security Expert Jovi Umawing with Malwarebytes, one should note that Bitly's authorized site for condensed URLs is https://bitly.com where the prefix of condensed URLS is always bit.ly. Rest which imitates the actual condensed URL through Bitly requires being overlooked, reported as well as blacklisted, writes Umawing on company blog. Blog.malwarebytes.org published this, May 18, 2015.

Eventually, there has been other instances too when cyber-criminals have exploited Bitly service such as in 2014 when hackers compromised Bitly and managed towards accessing source code of the company along with usernames and passwords. This was the result of attackers hacking into a staff member's account that resulted in the company changing every login credential of its users while enabling the two-factor verification.

» SPAMfighter News - 6/3/2015