Shortened URLs Used in 2% of All Spam

    July 7, 2009
    Chris Crum

If it’s a tool that can make life on the web easier, you can pretty much guarantee that it will be abused by spammers. That is why it should come as no surprise that spammers are now abusing URL shortener services.

Representatives from Symantec’s MessageLabs contacted WebProNews to point out that just in the last couple of days, the presence shortened URLs in spam has skyrocketed. The prominent security company claims that shortened URLs now appear in over 2% of all spam.

URL shortener spam

As you probably know, these services have grown in popularity, pretty much thanks to Twitter, although they are often used in conjunction with other social networks. It is Twitter’s 140-character limit however, that really highlighted the need for such services. Twitter continues to gain popularity, and so do these services. Once anything becomes popular, you can it expect spam to follow.

Paul Wood "There are literally dozens of websites that offer URL shortening services and spammers have realized that using these services eliminates the need to solve a CAPTCHA or register an account," says Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec.

"The newly shortened URLs also help cybercriminals disguise the true destination of where their victims will click through to, posing further risks of entering websites used to conducting drive-by malware attacks as well as spam," adds Wood.

This is why it is a good idea to make sure you trust the person that is posting a link on Twitter. You never know when the intentions of strangers are malicious. Every time you click on a stranger’s shortened link, you’re taking a risk. I wouldn’t say that you have to know a person personally, but you should probably at least know something about them and their reputation. Although, Twitter has been known to experience account-hijacking issues.

While Twitter is a big reason that URL shorteners have gained popularity, it’s not the only way they’re being used – even by spammers. "Donbot, the botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits for using this technique," says Wood. "Links of any size all need to be treated with caution."

Should this information discourage you from using URL shorteners or clicking on links that they produce? No. Just use judgment when clicking links. Think about trust. If you ever intend to read content linked to from Twitter, chances are you’re going to have to click on shortened URLs. That is as long as Twitter has its character limit in place.