Spammers using public URL shortening service to evade detection

Spammers have built their own public URL shortening services to embed short links into unsolicited messages in the latest attempt to bypass traditional security defences, according to this month's Symantec Intelligence Report (PDF).

October's report found that the global ratio of spam in email traffic actually fell by 0.6 per cent to 74.2 per cent. However, the use of free, open source URL shortening scripts to conceal links to spam sites in emails could increase success rates, the security firm said.

Symantec first revealed that spammers were using what appeared to be their own URL shortening services back in May, although in effect these were a "poor man's version" of such services, according to Symantec senior intelligence analyst Paul Wood.

The ones uncovered in this month's report are more akin to legitimate versions of these services. At least 87 shortened URLs have been spotted so far, all with the same naming pattern and .info domain.

"It appears they're from the same open source software running on a server, enabling you to put in a URL to generate whatever you want," Wood told V3.

"They've gone to great lengths to create these domains, maybe to bypass traditional [filters]."

The URL shortening services are also apparently open to the public, meaning that anyone can use them to create a URL. Wood suggested that this may be a ploy to legitimise the sites so that they become harder for the relevant hosting firm to justify shutting down.

Symantec also observed a premium rate SMS dialler which masquerades as a legitimate VoIP app, targeting users in eastern Europe.

Premium SMS diallers have grown in popularity among cyber criminals, especially in Asia and eastern Europe, as they look for increasingly diverse ways of extorting money out of their victims.