Warning: spammers cashing in on the Twitter effect

happygeek

Anyone who uses Twitter, and has at some point posted a link to something interesting, will have almost certainly used a URL-shortening service such as bit.ly for example. Now the spammers are exploiting the popularity of such link-reduction services by establishing their own fake URL-shortening services in order to redirect users to their own spam and malware sites.


According to the latest Symantec MessageLabs Intelligence Report, this is the first time that spammers have been found to be using custom URL redirection (with domains registered many months before being used) as part of their efforts to evade detection by anti-spam filtering services and software. It seems that the spammers are using a double-dip technique whereby they are not linking directly to the target sites using these services. Instead, the spam emails contain a link using a genuine link reduction service which in turn points to the spam shortened link itself - a technique being used with great success. The figures suggest that during the month of May 2011, spam increased by 2.9 percent over the previous month and it is suggested that much of this is down to the newly uncovered evasion technique.

"MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," said Paul Wood, MessageLabs Intelligence Senior Analyst. "What is unique about the new URL-shortening sites is that the spammers are treating them as 'stepping stones' - a link between public URL-shortening services and the spammers' own sites. With legitimate URL-shortening services attempting to tackle abuse more seriously, spammers seem to be experimenting with ways to establish their own services to better avoid disruption. However, as long as new URL-shortening services are being created, we expect spammers to continue abusing them."
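The "stepping stone" pattern described in the post above can be checked for once a link's redirect chain has been recorded. This is an added example, not part of the original thread or of any MessageLabs tooling; the shortener list, the short-link heuristic and the recorded responses (reserved `.example` domains) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

# Assumption: a local, non-exhaustive list of well-known public shorteners.
PUBLIC_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample data: (status, Location) per URL, standing in for what a
# sandboxed fetcher would record. No network access is needed.
RECORDED = {
    "http://bit.ly/abc123": (301, "http://shrt-lnk.example/x9"),
    "http://shrt-lnk.example/x9": (302, "http://pills.example/offer?id=7"),
    "http://pills.example/offer?id=7": (200, None),
    "http://bit.ly/news1": (301, "http://news.example/2011/05/long-article-title"),
    "http://news.example/2011/05/long-article-title": (200, None),
}

def resolve_chain(url, responses, max_hops=5):
    """Follow recorded redirects. Returns (chain, truncated); truncated is True
    when a loop is found or the hop limit is reached while still redirecting."""
    chain, seen = [url], {url}
    while True:
        status, location = responses.get(chain[-1], (None, None))
        if status not in REDIRECT_CODES or not location:
            return chain, False
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen or len(chain) - 1 >= max_hops:
            return chain, True
        chain.append(nxt)
        seen.add(nxt)

def host(url):
    return urlsplit(url).hostname or ""

def looks_like_short_link(url):
    """Heuristic (assumption): one short path segment and no query string."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    return len(segs) == 1 and len(segs[0]) <= 10 and not parts.query

def stepping_stones(chain):
    """Intermediate hops that act like a shortener, are not a known public
    one, and were reached from a known public shortener."""
    hits = []
    for prev, cur in zip(chain, chain[1:-1]):
        if (host(prev) in PUBLIC_SHORTENERS
                and host(cur) not in PUBLIC_SHORTENERS
                and looks_like_short_link(cur)):
            hits.append(cur)
    return hits
```

A mail filter could score a message higher when `stepping_stones` returns anything, or when `resolve_chain` reports a truncated chain.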

jwenting 1,889 duckman Team Colleague

bit.ly and others for that reason have now added preview services to their sites, where typing in the URL you received will be tested to see if it's valid and show a preview of the site linked to.

scriptster 0 Newbie Poster

What's so newsworthy about this tidbit? Spammers have been redirecting and sometimes chain-redirecting for ages. Well, at least since browsers began supporting 301 redirects, and URL obfuscation (often resulting in shortening) similar if not identical to that of bit.ly was almost always used.

Has Symantec MessageLabs been sleeping for the last 16+ years?

pgmco -2 Junior Poster

You always have to be careful.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services.

maximocn 0 Newbie Poster

How to combat that spam, in addition to being careful?

scriptster 0 Newbie Poster

> What is newsworthy, and what Symantec pointed out, was that the spammers are now operating their own custom URL shortening domains rather than using existing services.

PHP has a very nice operator called 'base_convert' which makes writing a URL-shortening script a matter of a couple of lines of code. I'm not exaggerating, I'm using URL shortening for my own URLs before posting to Twitter and other places where string length is limited and the "meat" of such shortening service is exactly 5 lines of PHP code.
Indeed, if they had to worry about user interface, there would have been more involved, but they don't. They are spammers, they can care less about user interface.

That's why I questioned newsworthiness of the piece. "It's so easy, a caveman could do it"™ - they could have just assumed this practice is being utilized by spammers. Not much anyone can do about it, either, except for limiting amount of redirects a Web browser supports to just one or two at most, but that will render many legitimate sites unusable.

matricol -8 Junior Poster in Training

Twitter got spammed so quickly.

netvani -3 Junior Poster in Training

I am not really good at managing Twitter. I just used it to post links to each of my posts. Glad that I read this thread about spamming. I thought all those tweets or retweets of links were all good. Maybe that is why my computer was crushed when I opened one of the links in Twitter. I should be careful from this time on. Thank you for sharing this important alert information.

sufalamtech 0 Newbie Poster

Hello there, simply turned into aware of your blog thru Google, and found that it is really informative. I'm gonna watch out for brussels. I will appreciate if you continue this in future. A lot of other folks will be benefited from your writing. Cheers!
