Symantec: Spammers Creating Fake URL-Shortening Services


Update: (6/9/2011, 3:10p MT) - Added comments about defending against fake URL-shortening links.

With the advent of Twitter driving the popularity of URL shortening services like, TinyURL, and, it was inevitable that some enterprising spammers would cash in on the trend. According to Symantec, that's exactly what they're doing.

According to Symantec's May 2011 MessageLabs Intelligence Report, spammers are using bogus URL shortening services to redirect users to sites loaded with spam, malware, and other nasty stuff. The new attack method has contributed to rising spam rates, with Symantec's report indicating that 30 percent of emailed malware contained links to nefarious sites, an increase of 16.9 percent since April 2011. Symantec's report also pointed out that "the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8 percent (1 in 1.32 emails)." Some other interesting tidbits from the report: Russia was the most spammed country with a spam rate of 82.2 percent, while Canada, the US, and the UK hovered around 75 percent (75.3%, 76.4%, and 75.4%, respectively).

Chart showing percentage of spam containing shortened URLs. (Image courtesy Symantec)

In a statement announcing the news, Symantec MessageLabs Intelligence Senior Analyst Paul Wood explained the nature of the threats in more detail. "MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," Wood said. "What is unique about the new URL-shortening sites is that the spammers are treating them as ‘stepping stones’ – a link between public URL-shortening services and the spammers’ own sites."

To defend against these threats, Symantec Abuse Desk Analyst Erik Park suggests IT pros could prevent these attacks by "educating their users about such threats" and employing a "comprehensive security suite to detect these emails in the first place." Symantec Senior Software Engineer Nick Johnston also suggested that customers using Symantec MessageLabs Email would benefit from "proprietary technology [that] effectively blocks URL-shortening spam, while still allowing messages using URL-shortening for legitimate purposes."

Does this latest security news make you reconsider using URL shortening services? Let me know what you think by adding a comment to this blog post or by starting up a conversation on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content:

Discuss this Blog Entry 3

on May 25, 2011
The awareness is important and appreciated. It would be nice if the article included methods to defend against this or if standard anti-virus measures are often good enough.
on Jun 1, 2011 - Thanks for the comments. I'll be posting an update to this article in the near future with some tips and advice on how to defend against this sort of attack.
on May 25, 2011
I'll never do business with companies which uses spammer's services to spamadvertized their services or goods. Why contribute to their spamming?

Please or Register to post comments.

What's Security Blog?

Security news, views, product reviews, and solutions for Microsoft Windows IT professionals.

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×