Spammers Establish Fake URL-Shortening Services

Posted by timothy
from the services-seems-a-strong-word dept.
Orome1 writes "Spammers are establishing their own fake URL-shortening services to perform URL redirection, according to Symantec. This new spamming activity has contributed to this month's increase in spam by 2.9 percentage points, a rise that was also expected following the Rustock botnet takedown in March. Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's own Web site."
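The redirect pattern described in the summary above can be checked on a redirect chain that a mail gateway or sandbox has already recorded. The following is an added example, not part of the original post or of Symantec's report; the allowlist, the short-link heuristic and the sample chains are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: shorteners the mail filter already recognises.
KNOWN_SHORTENERS = {"tinyurl.com", "bit.ly"}
# Heuristic for a shortener-style link: one opaque path token, at most 10 chars.
SHORT_TOKEN = re.compile(r"^/[A-Za-z0-9_-]{1,10}$")

# Constructed sample chains: first URL is the link in the mail, last is the landing page.
SPAM_CHAIN = ["http://tinyurl.com/abc123",
              "http://short.example/x9Q",
              "http://pills.example/offer?id=1"]
BENIGN_CHAIN = ["http://tinyurl.com/abc123",
                "http://news.example/2011/05/article.html"]


def host_of(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def looks_like_short_link(url):
    parts = urlsplit(url)
    return bool(SHORT_TOKEN.match(parts.path)) and not parts.query


def analyse_chain(hops, known=KNOWN_SHORTENERS):
    """Flag a known shortener that hands off to an unrecognised shortener-style hop."""
    if not hops:
        raise ValueError("empty redirect chain")
    hosts = [host_of(u) for u in hops]
    findings = []
    if len(set(hops)) != len(hops):
        findings.append("redirect-loop")
    # Intermediate hops are everything between the mailed link and the landing page.
    unknown = [h for u, h in zip(hops[1:-1], hosts[1:-1])
               if h not in known and looks_like_short_link(u)]
    findings += ["unknown-shortener-hop:" + h for h in unknown]
    return {
        "entry_is_known_shortener": hosts[0] in known,
        "final_host": hosts[-1],
        "findings": findings,
        "suspicious": hosts[0] in known and bool(unknown),
    }


if __name__ == "__main__":
    for chain in (SPAM_CHAIN, BENIGN_CHAIN):
        print(analyse_chain(chain))
```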
  • Good news, no? (Score:4, Interesting)

    by greichert (464285) on Wednesday May 25, 2011 @08:13AM (#36237672)
    So if you block the fake URL-shortening domain with an "ad-blocker" or at the browser level (à la Google Chrome), you avoid pretty simply the redirection to the spam site, without having to block the legitimate URL-shortening sites. Or am I missing something?
    • Re:Good news, no? (Score:4, Informative)

      by WrongSizeGlass (838941) on Wednesday May 25, 2011 @08:23AM (#36237728)

      Or am I missing something?

      What we're all missing is the list of these fake URL-shortening sites. Neither the article nor the full PDF listed them.

      • There's no point listing them. It's trivial to set up a new alias so there would never be an up-to-date exhaustive list.

        The only solution is to follow the trail of redirects until you reach a real site, and look at that URL. Even then, there are ways to mask that if the spammers really want to.

        • by smelch (1988698)
          Are there any plugins to auto-expand the shortened URLs?
          • by cyborch (524661)
            Several. Google for "URL expander".
        • In the meantime, you confirm to the spammer that you actually read the email by following their (presumably) unique link and they start sending more emails.

  • It was to be expected (Score:5, Interesting)

    by Pegasus (13291) on Wednesday May 25, 2011 @08:13AM (#36237674) Homepage

    I always found url shortening to be a weird and potentially dangerous practice. Trading some comfort to squeeze your link into a tweet for the comfort to actually predict where this link will take you? No thanks. If url does not fit into a tweet, then it's a tweeter problem that tweeter should fix. That's also why I don't use tweeter. I find IRC superior :)

    • by erikdalen (99500) <erik.dalen@mensa.se> on Wednesday May 25, 2011 @08:17AM (#36237702) Homepage

      I've seen URL shortening used in print magazines for quite a long time as well though. Where it makes sense as you have to type the URL by hand to visit it. So Twitter isn't the only use case.

      • by xded (1046894)

        Exactly. And they should set up their own service.

        So the URL will be something like hxxp://link.nyt.com/Ax91. With the added benefit of shorter codes (due to the limited number of users), special codes all for themselves (e.g., hxxp://link.nyt.com/nfl) and in-house stats collection/DB control.

        The user instead will be sure there is some editor taking responsibility for the occasional goatse redirect, which may be removed/updated in a centralized manner at a later time.

        If the magazine cannot manage to setup so

        • PCWorld does this (or did, it's been a while since I've read it). Most URLs in their magazine are in the form find.pcworld.com/XXXXX, where the XXXXX is a series of numbers and the link redirects you to the right page.
        • by erikdalen (99500)

          Yup, I can only agree to that. Unfortunately the world doesn't always follow my opinions :)

      • by cthulhu11 (842924)
        My understanding is that the practice started due to MUAs wrapping lines.
    • It is 2011, who clicks on blind links in emails from people you don't know, or do know for that matter?

      There are 4 people who can send me an email with a link that I will click without at least googling it first.

      3 of them are IT professionals for major corporations, and the other is a security nut.

    • But I need to receive links on my old-ass phone that apparently can't deal with messages longer than 140 characters and therefore probably doesn't even have a browser or 3G or anything that would make receiving a link useful in any way! Don't take away my links!!!

    • by jez9999 (618189)

      What is tweeter?

      • Re: (Score:3, Funny)

        by Anonymous Coward

        The opposite of a woofer. Or if you remember Beavis and Butthead... it's the name for the genitalia of a praying mantis. :)

    • by Mr_Silver (213637)

      I always found url shortening to be a weird and potentially dangerous practice. Trading some comfort to squeeze your link into a tweet for the comfort to actually predict where this link will take you?

      To be fair, it's not just Twitter's fault.

      It's also the fault of websites who come up with insane 350 character URLs and email clients that attempt to word-wrap the aforementioned 350 character URL and manage to make the hyperlink unclickable.

      Oh and Slashdot coders who include the number of characters in betwee

    • It depends on the service owners - do I personally trust them or not? For example the German Press Agency (Deutsche Presse Agentur - dpa) has its own service only for their own use (About the dpa 'dpaq' service http://dpaq.de/ueber_dpaq.html [German only]). There are also several other short URL services I trust, e.g. made by IT magazines, where you can be sure they will also exist some years long. (Well, I also trust my own service but that's not yours ;-)).

      And by the way - if using the right system (*cough
    • by hydrofix (1253498)

      Many IRC users also use URL shortening. Try pasting a dynamically generated content URL containing e.g. coordinates and some other random URL arguments. These can easily get longer than, say, double the 80-column terminal width. Therefore, for readability's sake, many IRC users shorten long URLs before pasting them (maybe with a small hint of what will be in the link).

  • by thomasdz (178114) on Wednesday May 25, 2011 @08:14AM (#36237680)

    I've never trusted ANY of the URL shortening services. In this age of cut-and-paste, for the most part (except for Twitter) *I* really don't see the need for them. (Note, I said "*I* don't see any need for them"...it's an opinion...don't flame me for an opinion.)
    I've been goatse.cx-ed on Slashdot too many times, I guess! :-)
    When I see a short URL (even those short valid ones from Reddit's imgur.com), red flags go off in my brain. (Yeah, that hurts.)

  • TinyURL (Score:5, Informative)

    by The MAZZTer (911996) <megazzt@gm[ ].com ['ail' in gap]> on Wednesday May 25, 2011 @08:15AM (#36237694) Homepage
    You can mitigate this on TinyURL by using this [tinyurl.com].
    • Re:TinyURL (Score:4, Insightful)

      by freedumb2000 (966222) on Wednesday May 25, 2011 @08:20AM (#36237714)
      That should really be the default setting.
      • by dmomo (256005)

        Should be, but it just doesn't go over well. I tried that with SoCuteUrl and got a number of emails asking to change it back. I do allow users to set a cookie so that they always go to preview first, but most people don't know it exists.

        One additional benefit this practice could have, though, is to make it harder for people to use the service for SEO, since it would not resolve to the spammy page.

    • There's a fair number of Firefox addons that help you shorten URLs. Are there any that show you where short URLs redirect to?
      • by smelch (1988698)
        That is what I would like to know. I've never written a browser plugin, but that would be a pretty easy one to start on if there aren't already some good ones out there.
      • Request Policy [mozilla.org] prompts you before each redirect that isn't on the same website. I don't know any way to turn it off or whitelist it, if you're looking for that, but it's probably your best bet.
  • So a redirecting service redirects to a fake redirecting service that somehow redirects but to the wrong place? And how is that useful?
    • That's so when the good folks at TinyURL (or wherever) go to check the destination of the link, the spammers can instead display a clean article somewhere. But when anyone else visits, they get the malware version.

  • If only there were some way to reference a page on the internet in a canonical, consistent fashion. A uniform locator for a resource, if you will.
  • For those not crazy about URL shorteners: it's worth remembering that those whose jobs require creation of QR Codes for insertion in documentation and signage sometimes have to shorten URLs for these Codes. An in-house approach to this is best, IMHO, but YMMV.
    • by greed (112493)

      So, uh, how long does a shortened URL remain valid at one of those services?

      I couldn't find anything on TinyURL.com that says what their retention policy is. Is it really a good idea to use URLs you don't control in signage? Or even more so, documentation?

      • by bwintx (813768)
        As I said, an in-house approach is best IMHO. That's what I set up for my employer for precisely the reasons you apparently have in mind.
    • it's worth remembering that those whose jobs require creation of QR Codes for insertion in documentation and signage sometimes have to shorten URLs for these Codes. An in-house approach to this is best, IMHO

      Agreed

      but YMMV.

      If they are going to get an outsider to supply shorter URLs they should have a contractual relationship with them specifying service level agreements and penalties for not living up to them. Really though the only reason to farm it out is either that your webteam is incompetent or there is a complete breakdown in cooperation between different parts of your organisation.

      IMO anyone who uses (of their own volition) a public URL shortener for anything important and/or orders others to do so is grossly in

  • Including one that I own [ho.io] and when they're in a good mood, they attempt to make shortened URLs as quickly as our servers can handle them, often many thousands per day.

    Thankfully, due to the sterling efforts of many of the URL blacklisting services out there, these are purged on the hour, on the day, on the week and on the month automatically, so often don't last that long.

    However, if legitimate people start to use the URL shortening services that the spammers provide, it'll hardly be in their interests t

  • by WD (96061)

    If the link is shorter, then I wouldn't call it a fake URL shortener. I think a more sane explanation of what is going on there is that spammers are using redirectors to avoid detection by users and URL-shortening services.

    Nothing to see here.

  • I've found people no longer trust short URLs. But give them a long, impressive authoritarian-sounding URL and they assume it must be part of some corporate datacenter they can feel safe doing business with. Right now there are a couple, like Johannes longurl [homepc.org]. It works, but doesn't fill the URL with impressive sounding words. What we need is something tied to a thesaurus lookup with all manner of impressive sounding terms meant to subliminally make the person think they are safe. e.g., reallybigcorpo
  • by kill-1 (36256) on Wednesday May 25, 2011 @10:27AM (#36238630)

    Something like shadyurl.com [shadyurl.com]? This has always been one of my favorite URL "shorteners".

  • by sherriw (794536) on Wednesday May 25, 2011 @10:32AM (#36238684)

    I always wondered what if a not so scrupulous person set up a url shortening service that operated legitimately for a while getting itself spread all over the web. Then one day they change it so that all the urls now point to a frame with the target site surrounded by ads. It would be mostly too late to stop it, and the terms could be along the lines of "we reserve the right to do anything we want with shortened urls".

    It drives me mad when I see URL shorteners used in places that do not have a space limitation. Like on a regular website. I get the point of using it on twitter or txt messages, but on a blog or website? Ug. It's killing the web.

  • Why are spammers so insistent on getting people who obviously are not interested in what they are selling to look at their wares? Are there people who then go "Oooohhh, shiny! I must buy, I must buy"?!? Isn't the point really to get sales? I guess there are people like that and as long as there are, there will be spammers.
    • Basically it boils down to the fact that spamming is really cheap. So even if only one in a million people says "Oooohhh, shiny! I must buy, I must buy" it'll still be worth your while.

    • by dmomo (256005)

      If it's virtually free to bother 100,000 people to make one sale, it's beneficial to a spammer.

    • by cdrguru (88047)

      Spammers aren't paid by people that buy. Spammers are paid by the number of messages sent or messages opened. So if they can fool you into opening it, you just got them paid.

      You might think that spammers wouldn't get customers any longer. The problem with that is ... it does work! Send out 10 million emails and you get 10 customers you didn't have before. Assuming it is your standard sort of uncancellable subscription credit card purchase (free - just pay shipping and handling!!!) they probably get $10

  • by Gnaythan1 (214245) on Wednesday May 25, 2011 @11:02AM (#36238982)

    why are we not prosecuting the advertisers themselves for fraud? who the hell gives these people money to make this multi-headed, nested box, country jumping, spam monster?

    Doesn't it boil down to one end getting spam, and the other end getting money? If there is a way for money to transfer to that end, then there should be a way for people to find that end, and then charge them five times whatever money they made in fines.

    Stop hitting HOW they spam, and start hurting WHY.

    • by dmomo (256005)

      I agree. I assume it's because it is difficult to prove. I don't see how it couldn't be done if there were pressure on our law makers to allow it, though. I guess the pressure just isn't there.

      I've tried sending nasty-grams to the sellers. For me it was a dead end. But I'm just a dude.

    • by bioster (2042418)
      I would assume you'll run into jurisdiction and cost-effectiveness issues. Let's say you're law enforcement in the US and you find a spammer that you can 100% verify lives and works in Canada, a very friendly nation. To go to the effort of getting Canadian authorities to let you do something about it, wouldn't the spammer have to be operating in (at least!) the tens of thousands of dollars?

      Now, what if you can't 100% verify who it is? Or what if you can, but they're in some developing nation with a bar
  • Don't click on links in emails from people you don't know. This doesn't change because they shortened the URL. They still are selling the same stuff, penis pills and so on. So the "from" will be fake as always, and the same unreadable subject lines.
    • It is more a problem with things like Twitter, though I agree, same rule applies... just harder to implement there. My advice, use a good browser, properly set up, on a good OS... then even clicking a bad link isn't a problem for the most part so long as you have a bit of common sense.
  • But, shortened URLs get expanded in the end. So, even if they send you to a fake site, the URL of that fake site will then be apparent. If you're reading an article with a shortened link to some article you think should be at yahoo.com and you end up at yarha.com, then you'll realize you've been improperly redirected. It is a problem if you aren't paying attention, but otherwise, not too big a deal IMO. (Just make sure you have all the 'auto-' anything turned off for your browser so the redirect can't link
  • Don't just shorten your URL, make it suspicious and frightening.
    http://5z8.info/white-power-rides-upon-stallions-unstoppable_p1i3zc_PIN-phisher [5z8.info]
