Scammers build fake URL shortening services to improve spam success

Security experts at Symantec are warning that spammers are building their own URL shortening services, which they use in combination with legitimate shortening services to trick users of Twitter and social networks to visit their web sites.

The firm's MessageLabs Intelligence Report for May 2011 found that the new developments have led to a 2.9 per cent increase in spam during the period.

Symantec explained that, rather than include the shortened links created on these fake URL shortening sites, spammers build shortened URLs created on legitimate shortening sites like bitly which, if clicked, lead to a shortened URL on the spammer's fake URL-shortening web site.

This in turn will redirect to the spammer's web site, according to Symantec.

URL shortening services are popular among users of Twitter and social networking sites given the space constraints, and have already been seen tricking users into clicking through to malicious sites.

However, most of the URL abuse noted by Symantec has been in regular spam campaigns, according to Nick Johnston, Symantec.cloud's senior software engineer.

"Most shortened URL abuse is for normal spam, mainly pharmaceutical products, counterfeit luxury goods, get-rich-quick scams and pornography," he told V3.co.uk.

"However, we have seen some limited use of shortened URLs pointing to malware, typically 'drive-by' exploits and some executable files. We have also seen very limited use of shortened URLs in phishing, mostly impersonating financial institutions in Brazil."

Global spam levels now stand at 75.8 per cent, or one in 1.32 emails, with the UK coming in just a fraction under at 75.4 per cent.

However, the UK has the highest rate of malicious emails across the globe at one in 91.7, while the worldwide figure is one in 286.7.