
Warning: spammers cashing in on the Twitter effect

(happygeek)

Anyone who uses Twitter, and has at some point posted a link to something interesting, will almost certainly have used a URL-shortening service such as bit.ly. Now the spammers are exploiting the popularity of such link-reduction services by establishing their own fake URL-shortening services in order to redirect users to their own spam and malware sites.


According to the latest Symantec MessageLabs Intelligence Report, this is the first time that spammers have been found to be using custom URL redirection (with domains registered many months before being used) as part of their efforts to evade detection by anti-spam filtering services and software. It seems that the spammers are using a double-dip technique whereby they are not linking directly to the target sites using these services. Instead, the spam emails contain a link using a genuine link reduction service which in turn points to the spam shortened link itself - a technique being used with great success. The figures suggest that during the month of May 2011, spam increased by 2.9 percent over the previous month and it is suggested that much of this is down to the newly uncovered evasion technique.

"MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," said Paul Wood, MessageLabs Intelligence Senior Analyst. "What is unique about the new URL-shortening sites is that the spammers are treating them as 'stepping stones' - a link between public URL-shortening services and the spammers' own sites. With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption. However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them."

Davey Winder

I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK.
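The double-hop pattern described in the article (a genuine shortener pointing at a spammer-run short link, which redirects again to the final site) is something a mail filter can look for once it resolves the redirect chain. The following is an added example, not code from the article or from Symantec; the shortener list, the hop limit, the short-link heuristic and the `.example` sample data are all assumptions.

```python
from urllib.parse import urlsplit

# Assumed allow-list of public shortening services (bit.ly is the one the article names).
PUBLIC_SHORTENERS = {"bit.ly"}
MAX_HOPS = 5  # assumed cap on redirects followed before giving up

# Constructed sample data: URL -> Location header of its redirect response.
# The .example hosts are placeholders, not real indicators.
SAMPLE_REDIRECTS = {
    "http://bit.ly/abc123": "http://shrt.example/x9",
    "http://shrt.example/x9": "http://pills.example/buy?id=77",
    "http://bit.ly/def456": "http://news.example/2011/05/report.html",
    "http://loop.example/a": "http://loop.example/a",
}

def resolve_chain(url, redirects, max_hops=MAX_HOPS):
    """Follow redirects offline; return (chain, status), status in ok/loop/too_many_hops."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in chain:               # redirect loop
            return chain, "loop"
        if len(chain) > max_hops:      # already followed max_hops redirects
            return chain, "too_many_hops"
        chain.append(nxt)
    return chain, "ok"

def looks_like_short_link(url):
    """Heuristic: one short path segment and no query string."""
    parts = urlsplit(url)
    token = parts.path.strip("/")
    return bool(token) and "/" not in token and len(token) <= 10 and not parts.query

def classify(url, redirects=SAMPLE_REDIRECTS):
    """Flag a public shortener that hands off to an unlisted, redirecting short link."""
    chain, status = resolve_chain(url, redirects)
    if status != "ok":
        return status
    hosts = [urlsplit(u).hostname for u in chain]
    # Need three URLs: public shortener hop, middle hop, and a further target.
    for i in range(len(chain) - 2):
        if (hosts[i] in PUBLIC_SHORTENERS
                and hosts[i + 1] not in PUBLIC_SHORTENERS
                and looks_like_short_link(chain[i + 1])):
            return "stepping_stone"
    return "direct"
```

A filter using this approach would score or quarantine messages whose links classify as `stepping_stone`, `loop` or `too_many_hops` rather than relying on the reputation of the first-hop domain alone.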

jwenting

bit.ly and others for that reason have now added preview services to their sites, where typing in the URL you received will be tested to see if it's valid and show a preview of the site linked to.

scriptster

What's so newsworthy about this tidbit? Spammers have been redirecting and sometimes chain-redirecting for ages. Well, at least since browsers began supporting 301 redirects, and URL obfuscation (often resulting in shortening) similar if not identical to that of bit.ly was almost always used.

Has Symantec MessageLabs been sleeping for the last 16+ years?

pgmco

You always have to be careful.

happygeek

What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services.

maximocn

How to combat that spam, in addition to being careful?

scriptster

"What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services."

PHP has a very nice operator called 'base_convert' which makes writing a URL-shortening script a matter of a couple of lines of code. I'm not exaggerating, I'm using URL shortening for my own URLs before posting to Twitter and other places where string length is limited and the "meat" of such shortening service is exactly 5 lines of PHP code.
Indeed, if they had to worry about user interface, there would have been more involved, but they don't. They are spammers, they can care less about user interface.

That's why I questioned newsworthiness of the piece. "It's so easy, a caveman could do it"™ - they could have just assumed this practice is being utilized by spammers. Not much anyone can do about it, either, except for limiting amount of redirects a Web browser supports to just one or two at most, but that will render many legitimate sites unusable.

matricol

Twitter got spammed so quickly.

netvani

I am not really good at managing Twitter. I just used it to post links to each of my posts. Glad that I read this thread about spamming. I thought all those tweets or retweets of links are all good. Maybe that is why my computer was crushed when I opened one of the links in Twitter. I should be careful from this time. Thank you for sharing this important alert information.

sufalamtech

Hello there, simply turned into aware of your blog thru Google, and found that it is really informative. I'm gonna watch out for brussels. I will appreciate if you continue this in future. A lot of other folks will be benefited from your writing. Cheers!
