Spammers Establish Fake URL-Shortening Services
Orome1 writes "Spammers are establishing their own fake URL-shortening services to perform URL redirection, according to Symantec. This new spamming activity has contributed to this month's increase in spam by 2.9 percentage points, a rise that was also expected following the Rustock botnet takedown in March. Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's own Web site."
Good news, no? (Score:4, Interesting)
Re:Good news, no? (Score:4, Informative)
Or am I missing something?
What we're all missing is the list of these fake URL-shortening sites. Neither the article nor the full PDF listed them.
Re: (Score:2)
There's no point listing them. It's trivial to set up a new alias so there would never be an up-to-date exhaustive list.
The only solution is to follow the trail of redirects until you reach a real site, and look at that URL. Even then, there are ways to mask that if the spammers really want to.
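One way to carry out the redirect-following described in the comment above, as an added example that is not part of the original thread: it walks the chain one hop at a time, with a hop limit and loop detection. The function names and the example.* hosts in the sample are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit
REDIRECT_CODES = {301, 302, 303, 307, 308}

def head_fetch(url, timeout=5):
    """One HEAD request, redirects NOT followed; returns (status, Location)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=head_fetch, max_hops=10):
    """Walk the chain hop by hop; return (URLs visited, verdict)."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "final"            # this hop does not redirect further
        nxt = urljoin(chain[-1], location)   # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https"):
            return chain + [nxt], "non-http"  # e.g. javascript: or data: target
        if nxt in chain:
            return chain + [nxt], "loop"
        chain.append(nxt)
    return chain, "too-many-hops"

def distinct_hosts(chain):  # hosts in order of first appearance
    return list(dict.fromkeys(urlsplit(u).hostname for u in chain))

# Constructed sample (hypothetical example.* hosts, not real services).
SAMPLE = {
    "http://short.example/a1": (301, "http://fake-short.example/x9"),
    "http://fake-short.example/x9": (302, "/go?id=7"),
    "http://fake-short.example/go?id=7": (302, "http://landing.example/offer"),
    "http://landing.example/offer": (200, None),
    "http://loop.example/1": (302, "http://loop.example/2"),
    "http://loop.example/2": (302, "http://loop.example/1"),
}

def sample_fetch(url):
    return SAMPLE.get(url, (404, None))
if __name__ == "__main__":
    chain, verdict = trace_redirects("http://short.example/a1", fetch=sample_fetch)
    print(verdict, " -> ".join(chain), distinct_hosts(chain))
```

Only HTTP-level redirects are visible to it, and every request reaches the operator of that hop, which a later comment notes can confirm a unique link.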
Re: (Score:2)
Just don't follow shortened links (Score:2)
With a URL like "my.tv/fjdhj454jhj45/", you have NO idea where you're being sent. If you click on it, as far as I'm concerned, you deserve what you get. The whole idea of URL shorteners has always been a (further) invitation to trouble. So is allowing redirection. So is hiding the URL bar. These are ideas that offer utility if used responsibly, but open the gates of doom as soon as anyone with evil intent takes advantage of them. And the fact is, the web is rife with folk of evil intent.
When I see a shorten
Re: (Score:2)
Re: (Score:2)
In the meantime, you confirm to the spammer that you actually read the email by following their (presumably) unique link and they start sending more emails.
It was to be expected (Score:5, Interesting)
I always found url shortening to be a weird and potentially dangerous practice. Trading some comfort to squeeze your link into a tweet for the comfort to actually predict where this link will take you? No thanks. If url does not fit into a tweet, then it's a tweeter problem that tweeter should fix. That's also why I don't use tweeter. I find IRC superior :)
Re:It was to be expected (Score:5, Interesting)
I've seen URL shortening used in print magazines for quite a long time as well though. Where it makes sense as you have to type the URL by hand to visit it. So Twitter isn't the only use case.
Re: (Score:2)
Exactly. And they should set up their own service.
So the URL will be something like hxxp://link.nyt.com/Ax91. With the added benefit of shorter codes (due to the limited number of users), special codes all for themselves (e.g., hxxp://link.nyt.com/nfl) and in-house stats collection/DB control.
The user instead will be sure there is some editor taking responsibility for the occasional goatse redirect, which may be removed/updated in a centralized manner at a later time.
If the magazine cannot manage to set up so
Re: (Score:1)
Re: (Score:2)
Yup, I can only agree to that. Unfortunately the world doesn't always follow my opinions :)
Re: (Score:1)
Re: (Score:3)
There are 4 people who can send me an email with a link that I will click without at least googling it first.
3 of them are IT professionals for major corporations, and the other is a security nut.
Re:It was to be expected (Score:5, Insightful)
Re: (Score:2)
Are these the same users that we complained about earlier who don't dare click randomly [slashdot.org] on the screen for fear of breaking something?
Hard to squirrel away the two - they're bold enough to click random links on emails, but not bold enough to click on various buttons in programs...
Re: (Score:2)
No, it's not hard to believe both of these behaviours can occur with the same user. It's not hard to believe in the slightest.
Re: (Score:2)
Almost every single person that works here....
OHHH SHINY CLICK IT CLICK IT!
Re: (Score:2)
But I need to receive links on my old-ass phone that apparently can't deal with messages longer than 140 characters and therefore probably doesn't even have a browser or 3G or anything that would make receiving a link useful in any way! Don't take away my links!!!
Re: (Score:3)
What is tweeter?
Re: (Score:3, Funny)
The opposite of a woofer. Or if you remember Beavis and Butthead... it's the name for the genitalia of a praying mantis. :)
Re: (Score:3)
To be fair, it's not just Twitter's fault.
It's also the fault of websites who come up with insane 350 character URLs and email clients that attempt to word-wrap the aforementioned 350 character URL and manage to make the hyperlink unclickable.
Oh and Slashdot coders who include the number of characters in betwee
Re: (Score:1)
Re: (Score:1)
Many IRC users also use URL shortening. Try pasting a dynamically generated content URL containing e.g. coordinates and some other random URL arguments. These can easily get longer than, say, double the 80-column terminal width. Therefore, for readability's sake, many IRC users shorten long URLs before pasting them (maybe with a small hint of what will be in the link).
call me overly paranoid, but... (Score:5, Insightful)
I've never trusted ANY of the URL shortening services. In this age of cut-and-paste, for the most part (except for twitter) *I* really don't see the need for them. (Note, I said "*I* don't see any need for them"... it's an opinion... don't flame me for an opinion) :-)
I've been goatse.cx-ed on Slashdot too many times, I guess!
When I see a short URL (even those short valid ones from Reddit's imgur.com), red flags go off in my brain. (yeah that hurts)
Re: (Score:1)
Alternately, clients could properly re-assemble a URL by dropping whitespace between < and >. That does mean you'd have to use <http://www.google.com> in plain text, but that's actually (one way) recommended in appendix C of RFC 3986. (RFC 1738 recommended <URL: and > as delimiters, that never caught on.)
And hey, look at that, RFC 1738 and 3986 already include information on re-assembling a URL that has had whitespace (including newline) injected by formatting.
Which means the fact that
TinyURL (Score:5, Informative)
Re:TinyURL (Score:4, Insightful)
Re: (Score:3)
Should be, but it just doesn't go over well. I tried that with SoCuteUrl and got a number of emails asking to change it back. I do allow users to set a cookie so that they always go to preview first, but most people don't know it exists.
One additional benefit this practice could have, though, is to make it harder for people to use the service for SEO, since it would not resolve to the spammy page.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
By the way, YouTube URLs can be shortened easily, without using an untrusted shortener...
http://youtu.be/KagkNFYJvuY
And Google does own the domain.
Re: (Score:1)
Re: (Score:2)
Because copying and pasting is a pain in the ass when you can have a clickable link instead.
Especially when you're on a phone.
Re: (Score:2)
Easy solution: Block all URL-shortening services.
Which breaks a lot of web traversal.
That's also why just blocking the bogus URL shortening services is also not as easy a solution as it sounds: Apparently these services were up for a while, gaining legitimate users and an air of legitimacy, before the spammers began using them for malware.
Re: (Score:1)
So you are telling me I shouldn't trust any tweets with sp.am in them then?
Actually, the really dangerous links go to ev.il :-)
Sorry, I can't follow (Score:2)
Re: (Score:2)
That's so when the good folks at TinyURL (or wherever) go to check the destination of the link, the spammers can instead display a clean article somewhere. But when anyone else visits, they get the malware version.
Re: (Score:3)
It's a question of what scope you care about.
Many "netizens" care about the entire internet and all of its users [to a degree]. As for myself, I don't give it much thought since, like you, I don't have a problem as my methods, manners and technologies keep me clear of such problems. But in the interests of goodness and justice, I still care about the idiots, morons and unwashed out there who simply don't [care to] know any better. The scum out there needs to be killed.
Re: (Score:2, Insightful)
Can't tell if trolling or just stupid.
My gmail account (about a year old, very odd spelling, probably not randomly targeted) gets around 100 per day, 99 of them get filtered
My work email (firstinitial.lastname@) gets around 500 per day, filter manages to take out almost all of them.
Yet I am still a spam victim, and so are you.
Our corporate mail server only serves about 300 non-alias email addresses. Some of our sales people and executives get upwards of 2000 spam messages a day, and though we are able to fi
Re: (Score:2)
Who cares?
Parents! Teenagers are really bad at distinguishing between real and fake. They just click on anything that pops up to make it go away, and they click e-mail links because they look interesting.
Also, computer illiterates, especially older people. My brother-in-law bought something called "Win Anti-Virus" because he got spam telling him that his anti-virus software was out of date. He didn't realize that it wasn't "Norton" Anti-Virus, and that "Win Anti-Virus" is actually a scam.
If you look at
Re: (Score:2)
Thus spake the fuckwit that obviously has no experience with administering email servers? Yes, I've been trolled.
My intention was really not to troll. Look, it's clear that mail server admins, especially the whiny ones (hehehe), don't like spam. I didn't say I like spam either, I said it never was a serious problem and I still haven't seen any argument against this point of view.
Quite honestly, I have never met a 'victim' of spam in real life or on the Net, not a single time. I'm on the Net for more than 15 years now and nobody I have ever met had a genuine problem with his inbox or bandwidth because of spam. I don't
Re: (Score:2)
I've seen businesses that rely on email effectively halted due to joe-jobbing [...] That is as much due to misconfigured servers as spam,
Yet, if you configure the servers correctly such problems cannot occur. Am I supposed to pity businesses that cannot configure correctly the technologies they rely on? As I said, the only victims of spammers seem to be idiots who would be victims of someone else otherwise...
Sorry, you're either trolling or more stupid than the "spam victims" you denigrated.
Clearly, you represent the voice of reason here, as indicated by posting anonymously and enriching your arguments with words like "fuckwit", "troll", and "stupid."
We need standards (Score:2)
QR Codes, too (Score:2)
Re: (Score:1)
So, uh, how long does a shortened URL remain valid at one of those services?
I couldn't find anything on TinyURL.com that says what their retention policy is. Is it really a good idea to use URLs you don't control in signage? Or even more so, documentation?
Re: (Score:2)
Re: (Score:2)
it's worth remembering that those whose jobs require creation of QR Codes for insertion in documentation and signage sometimes have to shorten URLs for these Codes. An in-house approach to this is best, IMHO
Agreed
but YMMV.
If they are going to get an outsider to supply shorter URLs they should have a contractual relationship with them specifying service level agreements and penalties for not living up to them. Really though the only reason to farm it out is either that your webteam is incompetent or there is a complete breakdown in cooperation between different parts of your organisation.
IMO anyone who uses (of their own volition) a public URL shortener for anything important and/or orders others to do so is grossly in
Spammers already using public shortening services (Score:1)
Including one that I own [ho.io] and when they're in a good mood, they attempt to make shortened URLs as quickly as our servers can handle them, often many thousands per day.
Thankfully, due to the sterling efforts of many of the URL blacklisting services out there, these are purged on the hour, on the day, on the week and on the month automatically, so often don't last that long.
However, if legitimate people start to use the URL shortening services that the spammers provide, it'll hardly be in their interests t
Fake, eh? (Score:2)
If the link is shorter, then I wouldn't call it a fake URL shortener. I think a more sane explanation of what is going on there is that spammers are using redirectors to avoid detection by users and URL-shortening services.
Nothing to see here.
URL Lengthening Service (Score:2)
Re: (Score:2)
Something like that? (Score:3)
Something like shadyurl.com? This has always been one of my favorite URL "shorteners".
Shorteners Could Be a Trap (Score:3)
I always wondered what if a not so scrupulous person set up a url shortening service that operated legitimately for a while getting itself spread all over the web. Then one day they change it so that all the urls now point to a frame with the target site surrounded by ads. It would be mostly too late to stop it, and the terms could be along the lines of "we reserve the right to do anything we want with shortened urls".
It drives me mad when I see URL shorteners used in places that do not have a space limitation. Like on a regular website. I get the point of using it on twitter or txt messages, but on a blog or website? Ug. It's killing the web.
Who are they trying to reach? (Score:1)
Re: (Score:2)
Basically it boils down to the fact that spamming is really cheap. So even if only one in a million people says "Oooohhh, shiny! I must buy, I must buy" it'll still be worth your while.
Re: (Score:2)
If it's virtually free to bother 100,000 people to make one sale, it's beneficial to a spammer.
Re: (Score:2)
Spammers aren't paid by people that buy. Spammers are paid by the number of messages sent or messages opened. So if they can fool you into opening it, you just got them paid.
You might think that spammers wouldn't get customers any longer. The problem with that is ... it does work! Send out 10 million emails and you get 10 customers you didn't have before. Assuming it is your standard sort of uncancellable subscription credit card purchase (free - just pay shipping and handling!!!) they probably get $10
explain to me (Score:3)
why are we not prosecuting the advertisers themselves for fraud? who the hell gives these people money to make this multi-headed, nested box, country jumping, spam monster?
Doesn't it boil down to one end getting spam, and the other end getting money? If there is a way for money to transfer to that end, then there should be a way for people to find that end, and then charge them five times whatever money they made in fines.
Stop hitting HOW they spam, and start hurting WHY.
Re: (Score:2)
I agree. I assume it's because it is difficult to prove. I don't see how it couldn't be done if there were pressure on our law makers to allow it, though. I guess the pressure just isn't there.
I've tried sending nasty-grams to the sellers. For me it was a dead end. But I'm just a dude.
Re: (Score:1)
Now, what if you can't 100% verify who it is? Or what if you can, but they're in some developing nation with a bar
Don't click on links in emails from people you don't (Score:1)
Re: (Score:1)
Shortened URLs get expanded... (Score:1)
shadyurl.com ftw (Score:1)
Don't just shorten your URL, make it suspicious and frightening.
http://5z8.info/white-power-rides-upon-stallions-unstoppable_p1i3zc_PIN-phisher