News
New Spam Trick: Shortened URLs
URL-shortening services are giving spammers a new way to reach mass audiences, according to new research from MessageLabs
By Joan Goodchild, Senior Editor
July 09, 2009 — CSO —
Shortened URLs, a service on many sites that turns lengthy Web addresses into shorter URLs, is rapidly becoming a popular way for spammers to reach unsuspecting readers. New analysis from Symantec's MessageLabs finds shortened URLs now account for 2 percent of all spam in inboxes (See also: Spam is More Malicious than Ever).
The presence of shortened URLs in spam has skyrocketed just in the last few weeks, according to Matt Sergeant, senior anti-spam technologist at MessageLabs.
"We've been monitoring the use of short URLs in regular email spam for the past few months and noticed that it had been used in small spam campaigns. However, in the middle of last week, we saw it increase exponentially, said Sergeant. "It went from practically nothing to 2.23 percent of total spam today (July 8th)."
The technique has picked up speed because the emails are being sent by the Donbot botnet, said Sergeant. The spike indicates that the botnet owner or operator has found a way to automate the creation of short URL links, within the botnet code or the templates that they send out, he said.
"We track this botnet fairly closely and have a fair idea of its size. It's not one of the biggest botnets out there but it sends a high volume of malicious content and is responsible for about 5 million spam emails. "
Dozens of Web sites offer URL-shortening services and spammers have realized that using these services eliminates the need to solve a CAPTCHA or register an account, according to MessageLabs.
"Previously, when spammers used other services types of services to obfuscate the location of and redirect links, they had to create accounts which require solving a CAPTCHA," said Sergeant. "URL-shortening services don't require registration to create a short link, and so spammers can easily automate that process. The danger of these short URLs is that you don't know where they will take you. They send an email that's hard to stop with URL blocking services because they can't outright blacklist short URLs in general. The short URL obscures the real domain name. Spammers have been doing this for a while by trying to find redirection services, and this is the next level of that."
While the tactic is new, the spam content, said Sergeant, continues to be the typical weight loss and male-enhancement advertisements that include links to a Web site where these kinds of products are sold.
"While we're not seeing it yet, it's entirely possible that those sites could have some sort of drive-by attacks with malicious content and executables," said Sergeant.
Spam
Log Management in a Cyber World
With so many potential cyber villains poking around the gates, enterprises must have strong protections and pristine visibility into what's happening on the network. Explore the increasing importance of log management as cybercrime and other malicious threats grow.
Comparing Research in Motion and Microsoft Mobile Solutions
Organizations must look carefully at the requirements of mobile devices and accompanying middleware that can increase cost, complexity and administrative overhead. This white paper provides an independent analysis and detailed comparison of RIM and Microsoft's mobile solution.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
