Anyone who uses Twitter and has at some point posted a link to something interesting will almost certainly have used a URL-shortening service such as bit.ly. Now spammers are exploiting the popularity of such link-reduction services by establishing their own fake URL-shortening services in order to redirect users to their own spam and malware sites.
According to the latest Symantec MessageLabs Intelligence Report, this is the first time that spammers have been found to be using custom URL redirection (with domains registered many months before being used) as part of their efforts to evade detection by anti-spam filtering services and software. The spammers appear to be using a double-dip technique in which they do not link directly to the target sites using these services. Instead, the spam emails contain a link from a genuine link-reduction service, which in turn points to the spammers' own shortened link, a technique being used with great success. The figures suggest that during May 2011 spam increased by 2.9 percent over the previous month, and it is suggested that much of this is down to the newly uncovered evasion technique.
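A mail filter can look for the stepping-stone pattern by resolving the whole redirect chain and checking what sits directly behind the public shortener. The sketch below is an added example, not code from the report or from MessageLabs; the redirect table, the one-entry shortener list and every hostname other than bit.ly are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a tiny list of public shorteners; bit.ly is the one the article names.
PUBLIC_SHORTENERS = {"bit.ly"}

# Constructed redirect table standing in for HTTP 301/302 Location headers,
# so the example runs offline. All hosts except bit.ly are placeholders.
CONSTRUCTED_REDIRECTS = {
    "http://bit.ly/abc123": "http://short.example/x9",
    "http://short.example/x9": "http://pills.example/landing?id=7",
    "http://bit.ly/def456": "http://news.example/2011/05/story.html",
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def resolve_chain(url, redirects, max_hops=5):
    """Follow redirects; return (chain, status), stopping on loops or long chains."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in chain:
            return chain, "loop"
        if len(chain) > max_hops:
            return chain, "too_many_hops"
        chain.append(nxt)
    return chain, "ok"

def find_stepping_stones(chain, public=PUBLIC_SHORTENERS):
    """Hosts that a public shortener points at and that redirect onward again."""
    stones = []
    # chain[1:-1] holds intermediate hops only: redirected to, and redirecting on.
    for prev, hop in zip(chain, chain[1:-1]):
        if host(prev) in public and host(hop) not in public:
            stones.append(host(hop))
    return stones

def assess(url, redirects=CONSTRUCTED_REDIRECTS):
    """Summarise one link from a message body for a filtering decision."""
    chain, status = resolve_chain(url, redirects)
    stones = find_stepping_stones(chain)
    suspicious = status != "ok" or bool(stones)
    return {"chain": chain, "status": status, "stepping_stones": stones,
            "verdict": "suspicious" if suspicious else "clean"}
```

A public shortener that points straight at its destination passes; one that points at a second redirector is flagged, and the intermediate host is reported so it can be checked against domain-age or reputation data.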
"MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," said Paul Wood, MessageLabs Intelligence Senior Analyst. "What is unique about the new URL-shortening sites is that the spammers are treating them as 'stepping stones' - a link between public URL-shortening services and the spammers' own sites. With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption. However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them."
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best-selling IT magazine in the UK.
What's so newsworthy about this tidbit? Spammers have been redirecting and sometimes chain-redirecting for ages. Well, at least since browsers began supporting 301 redirects, and URL obfuscation (often resulting in shortening) similar if not identical to that of bit.ly was almost always used.
Has Symantec MessageLabs been sleeping for the last 16+ years?
What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services.
PHP has a very nice operator called 'base_convert' which makes writing a URL-shortening script a matter of a couple of lines of code. I'm not exaggerating; I'm using URL shortening for my own URLs before posting to Twitter and other places where string length is limited, and the "meat" of such a shortening service is exactly 5 lines of PHP code.
Indeed, if they had to worry about user interface, there would have been more involved, but they don't. They are spammers, they can care less about user interface.
That's why I questioned the newsworthiness of the piece. "It's so easy, a caveman could do it"™ - they could have just assumed this practice is being utilized by spammers. Not much anyone can do about it, either, except for limiting the amount of redirects a Web browser supports to just one or two at most, but that will render many legitimate sites unusable.
I am not really good at managing Twitter. I just used it to post links to each of my posts. Glad that I read this thread about spamming. I thought all those tweets or retweets of links were good. Maybe that is why my computer crashed when I opened one of the links in Twitter. I should be careful from now on. Thank you for sharing this important alert information.
Hello there, simply turned into aware of your blog thru Google, and found that it is really informative. I'm gonna watch out for brussels. I will appreciate if you continue this in future. A lot of other folks will be benefited from your writing. Cheers!