Spammers Turn to Short URL Services to Cloak Spammed Sites URLs

The Internet Patrol - Patrolling the Internet for You

Spammers and malware pushers have turned in increasing numbers to the URL shortening services such as TinyURL, SNURL, bit.ly and is.gd as a way of getting by spam filters that recognize the actual URLs to spam and malware sites.

Shortened URLs are changed from the actual address to an address that appears as the URL shortening service’s address along with an additional identifier. So, for example, the URL for this article, http://www.TheInternetPatrol.com/spammers-turn-to-short-url-services-to-cloak-spammed-sites-urls, becomes http://tinyurl.com/lng2bo.


We first reported on spammers using TinyURL over a year ago, but it seems that now it’s on the rise. In fact, the Internet security experts at MessageLabs said this week that they have seen what is being termed a “dramatic spike” in spam which contains links hidden behind shortened URLs.

By cloaking the actual target domain and URL behind a shortened URL, the spammers are able to by-pass many of the anti-spam mechanisms that are ready to zap any email containing the actual URL for the spam or malware domain.

Says MessageLabs spokesperson, Matt Sergeant, “Usually when we see a spike of this nature it tends to indicate that a spammer has found some method of automating the creation of these short URLs.”

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

Which also means that, hopefully, the URL shortening services being gamed are working right now to find a way to stop it. But, as is always the case in the spam wars, each escalation is met by the other side with another escalation.

It’s all just one big game of technical one-upmanship.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

2 thoughts on “Spammers Turn to Short URL Services to Cloak Spammed Sites URLs

  1. Using URL abbreviation services like TinyURL, bit.ly, and others which hide the destination URL from the user has been a common tactic since 2005. The unfortunate part is that now these services are also being used to hide cross site scripting attacks and links to malicious executable files.

    The main reason that URL abbreviation services are getting more common use is because of sites like Twitter who enforce a 140 character limit on tweets, but their use by spammers is far from new. They’ve been onto the game for years.

  2. This is not technical one-upmanship. this is just the anti-virus and anti-spyware people failing to be pro-active. They put in the minimum effort possible to “protect” you from harmful elements. Resolving shortened URL’s into real ones is absolutely trivial.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.