Welcome Guest. | Log In | Register | Membership Benefits

Spam Gang Puts Up 80 URL-Shortening Service Sites

Symantec discovers spammers leaving their own URL-shortening services open to the public

Oct 25, 2011 | 02:07 PM | 

By Kelly Jackson Higgins
Dark Reading
URL shorteners have become a popular tool for spammers to hide their spam sites, but now there's a spam gang with at least 80 public URL-shortening service websites open for anyone to use.

Researchers at Symantec, who discovered the URL-shortening websites this month, say they use the ".info." domain. "However, unlike the URL shortening sites we discovered in May, these sites are effectively public URL shortening sites. Anyone can create a shortened URL on these sites; the form to do so is also publicly available," the Symantec Intelligence Report for October 2011 says. "Spammers are using a free, open source URL shortening scripts to operate these sites. At the time of writing, 87 different domains were identified as being used in this fashion."

It works like this: Spammers create their own shortened URLs with their own service and then spew their spam with those URLs. Their email lures range from, "It's a long time since I saw you last!" and, "It's a good thing you came," and include the shortened URL, which redirects users duped into clicking on it to a pharmaceutical spam site.

According to Symantec, the domains for the spammers' URL-shortening sites include Moscow-based contacts, and are hosted by a U.K. subsidiary "of a large hosting company," which Symantec has alerted about the ruse.

So why the public URL-shortening sites? "Perhaps this is simply due to laziness on the spammers' part, or perhaps an attempt to make the site seem more legitimate," according to Symantec.

Paul Wood, senior intelligence analyst for Symantec, says anyone who uses the spam gang's URL-shortening services rather than a legitimate one is at risk of having their email flagged as spam. "The only purpose these domains have thus far been used for is in spam emails. We have not seen a legitimate use for them yet," Wood says.

Meanwhile, the use of legitimate URL-shortening services is still under way, although not as widely as earlier this year, according to Symantec. A full copy of the report is available here.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Cloud Security Reports

report Monitoring And Measuring Cloud Providers' Security Performance
There is no ignoring the cloud, which means that IT professionals must find ways to monitor and measure the performance of cloud providers. While moving even in part to a cloud model is a big change for many reasons, the most significant difference is a loss of direct control. Just as security groups often struggle with managing security inside a corporation when in a governance role, we struggle even more with governing the security of assets that no longer sit within our own data centers. The challenge is to develop and implement a strong governance model for these cloud offerings that ensures that security is part of the conversation.

report How to Manage Identity in the Public Cloud
Use of the public cloud for enterprise applications complicates what was already a complicated task: identity management. As companies increase their use of cloud-based applications, IT and security professionals must make some tough and far-reaching decisions about how to provision, deprovision and otherwise manage user access. This Dark Reading report examines the options and provides recommendations for determining which one is right for your organization.

report Spot Trouble In The Cloud: Adapting Security Monitoring & Incident Response.
Security monitoring, incident response and forensics are essential, even in the cloud. But the cloud by definition implies relinquishing at least some control, which can make these practices problematic. In this report, we identify the challenges of detecting and responding to security issues in the cloud and discuss the most effective ways to address them.

Other reports from the Cloud Security Tech Center:




Featured Webcasts
Featured Whitepapers
Featured Reports