A new report from Symantec's MessageLabs finds that short URLs in spam have reached a "historical peak". This type of spam has increased significantly over the past year.
Spam containing shortened links hit a one day peak of 18%, or 23.4 billion spam emails, on April 30, 2010, doubling last year's peak levels when spam with shortened links accounted for 9.3% of spam (more than 10 billion spam emails) on July 28, 2009.
"As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited," says MessageLabs Intelligence Senior Analyst, Paul Wood. "When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam based on the reputation of the domains found in the spam emails."
"While botnets are often the source of short URL spam, 28 percent of this type of spam originated from sources not linked to a known botnet such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools," adds Wood.
Average daily values also show a significant increase in use of the tactic, the company says. In the second quarter of '09 there was only one day when shortened links appeared in over 1 in 200 spam messages. In the second quarter of 2010 there were 43 days when this occurred. There have been 10 days where at least 5% of all spam contained these links.
The report, which analyzes other spam trends as well, can be found here in its entirety.