Anyone who uses Twitter and has at some point posted a link to something interesting will almost certainly have used a URL-shortening service such as bit.ly. Now spammers are exploiting the popularity of such link-reduction services by establishing their own fake URL-shortening services in order to redirect users to their own spam and malware sites.
According to the latest Symantec MessageLabs Intelligence Report, this is the first time that spammers have been found to be using custom URL redirection (with domains registered many months before being used) as part of their efforts to evade detection by anti-spam filtering services and software. It seems that the spammers are using a double-dip technique whereby they do not link directly to the target sites using these services. Instead, the spam emails contain a link created with a genuine link-reduction service, which in turn points to the spammers' own shortened link, a technique being used with great success. The figures suggest that during the month of May 2011, spam increased by 2.9 percent over the previous month, and it is suggested that much of this is down to the newly uncovered evasion technique.
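The double-hop pattern described above can be looked for once a mail gateway or sandbox has recorded the redirect chain behind a link. The following Python is an added example, not code from the MessageLabs report; the shortener list, the short-path pattern and the `.example` chains are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small sample list of public shorteners; maintain your own in practice.
PUBLIC_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Assumption: a short link is one short token in the path with no query string.
SHORT_TOKEN = re.compile(r"^/[A-Za-z0-9_-]{3,10}/?$")

def host(url):
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def looks_like_short_link(url):
    parts = urlsplit(url)
    return bool(SHORT_TOKEN.match(parts.path)) and not parts.query

def find_stepping_stones(chain):
    """Hosts that sit between a public shortener and a different final host."""
    stones, final = [], host(chain[-1])
    for i in range(1, len(chain) - 1):
        prev, cur = host(chain[i - 1]), host(chain[i])
        # cur != final skips benign same-site hops such as an http -> https upgrade.
        if (prev in PUBLIC_SHORTENERS and cur not in PUBLIC_SHORTENERS
                and looks_like_short_link(chain[i]) and cur != final):
            stones.append(cur)
    return stones

def classify(chain):
    if find_stepping_stones(chain):
        return "stepping-stone"
    if len(chain) >= 2 and host(chain[0]) in PUBLIC_SHORTENERS:
        return "single-shortener"
    return "direct"

# Constructed redirect chains (first URL is the link found in the email).
SAMPLE_CHAINS = [
    ["http://bit.ly/abc123", "http://shrt-a.example/x7Kq2",
     "http://shop.example/offer?id=1"],
    ["http://bit.ly/def456", "http://news.example/2011/05/report.html"],
    ["http://bit.ly/ghi789", "http://news.example/story",
     "https://news.example/story"],
    ["http://news.example/index.html"],
]

if __name__ == "__main__":
    for chain in SAMPLE_CHAINS:
        print(classify(chain), find_stepping_stones(chain), chain[0])
```

Because the report notes that the custom domains were registered many months before use, the check relies on the shape of the chain rather than on domain age.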
"MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," said Paul Wood, MessageLabs Intelligence Senior Analyst. "What is unique about the new URL-shortening sites is that the spammers are treating them as 'stepping stones' - a link between public URL-shortening services and the spammers' own sites. With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption. However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them."