Warning: spammers cashing in on the Twitter effect

2

By Davey Winder on May 25th, 2011 12:41 pm

Ad: Tech Marketers: Let Spiceworks help you reach your marketing goals!

Anyone who uses Twitter, and has at some point posted a link to something interesting, will have almost certainly used a URL-shortening service such as bit.ly for example. Now the spammers are exploiting the popularity of such link-reduction services by establishing their own fake URL-shortening services in order to redirect users to their own spam and malware sites.

According to the latest Symantec MessageLabs Intelligence Report, this is the first time that spammers have been found to be using custom URL redirection (with domains registered many months before being used) as part of their efforts to evade detection by anti-spam filtering services and software. It seems that the spammers are using a double-dip technique whereby they are not linking directly to the target sites using these services. Instead, the spam emails contain a link using a genuine link reduction service which in turn points to the spam shortened link itself - a technique being used with great success. The figures suggest that during the month of May 2011, spam increased by 2.9 percent over the previous month and it is suggested that much of this is down to the newly uncovered evasion technique.

"MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," said Paul Wood, MessageLabs Intelligence Senior Analyst. "What is unique about the new URL-shortening sites is that the spammers are treating them as 'stepping stones' - a link between public URL-shortening services and the spammers' own sites. With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption. However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them."

1 Year Ago

0

bit.ly and others for that reason have now added preview services to their sites, where typing in the URL you received will be tested to see if it's valid and show a preview of the site linked to.

jwenting

duckman

Team Colleague

8,522 posts since Nov 2004

Reputation Points: 1,656

Solved Threads: 345

Skill Endorsements: 18

1 Year Ago

0

What's so newsworthy about this tidbit? Spammers have been redirecting and sometimes chain-redirecting for ages. Well, at least since browsers began supporting 301 redirects, and URL obfuscation (often resulting in shortening) similar if not identical to that of bit.ly was almost always used.

Has Symantec MessageLabs been sleeping for the last 16+ years?

scriptster

Newbie Poster

11 posts since May 2011

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

You always have to be careful.

pgmco

Junior Poster

181 posts since May 2010

Reputation Points: 8

Solved Threads: 6

Skill Endorsements: 0

1 Year Ago

0

What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services.

happygeek

veganarchist

Administrator

28,351 posts since Mar 2006

Reputation Points: 1,603

Solved Threads: 90

Skill Endorsements: 70

1 Year Ago

0

how to combat spam that, in addition to careful?

maximocn

Newbie Poster

3 posts since Jun 2011

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services.

PHP has a very nice operator called 'base_convert' which makes writing a URL-shortening script a matter of a couple of lines of code. I'm not exaggerating, I'm using URL shortening for my own URLs before posting to Twitter and other places where string length is limited and the "meat" of such shortening service is exactly 5 lines of PHP code.
Indeed, if they had to worry about user interface, there would have been more involved, but they don't. They are spammers, they can care less about user interface.

That's why I questioned newsworthiness of the piece. "It's so easy, a caveman could do it"™ - they could have just assumed this practice is being utilized by spammers. Not much anyone can do about it, either, except for limiting amount of redirects a Web browser supports to just one or two at most, but that will render many legitimate sites unusable.

scriptster

Newbie Poster

11 posts since May 2011

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

twitter got spammed so quickly

matricol

Junior Poster in Training

98 posts since Jun 2011

Reputation Points: 2

Solved Threads: 9

Skill Endorsements: 0

1 Year Ago

0

I am not really good in managing Twitter. I just used it to post links to each my post. Glad that I read this thread about spamming. I thought those all tweets or retweets of links are all good. Maybe that is why my computer was crushed when I opened one of the links in Twitter. I should be careful from this time. Thank you for sharing this important alert information.

netvani

Junior Poster in Training

79 posts since Jul 2011

Reputation Points: 7

Solved Threads: 1

Skill Endorsements: 0

1 Year Ago

0

Hello there, simply turned into aware of your blog thru Google, and found that it is really informative. I?m gonna watch out for brussels. I will appreciate if you continue this in future. A lot of other folks will be benefited from your writing. Cheers!

sufalamtech

Newbie Poster

13 posts since Jan 2011

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0