Shortened URLs – One More Thing To Worry About

image I’ve always though that shortened URLs were one of the dumbest things to ever come down the Internet highway. Given the state of Internet security, who in their right mind would click on a link that looks like this – http://om.ly/2efrq, in an email (for example), as opposed to a link that looks like this – https://billmullins.wordpress.com/.

Anyone who clicks on a shortened URL, in my view, is surfing the Net with their eyes shut. I’m not suggesting that a legitimate looking link is any safer, but at least you should have some idea where it is you’re supposed to end up.

We shouldn’t be too surprised then, to see email spammers (who use every tactic available), take advantage of the obstrufication cause by shortened URLs. Shortened URLs are, in a real sense, hidden web addresses.

There’s little surprise then, that according to the July 2010 MessageLabs Intelligence Report, shortened URLs in spam, are fast becoming a sustained spamming tactic due to loop holes in CAPTCHA requirements for the tiny links, and free-of-charge URL shortening services.

Highlights from Symantec’s July 2010 MessageLabs Intelligence Report:

Spam: In July 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 88.9 percent (1 in 1.12 emails), a decrease of 0.4 percentage points since June.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 306.1 emails (0.327 percent) in July, a decrease of 0.04 percentage points since June. In July, 17.1 percent of email-borne malware contained links to malicious websites, an increase of .4 percentage points since June.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In July, phishing activity was 1 in 557.5 emails (0.179 percent) an increase of 0.02 percentage points since June. When judged as a proportion of all email-borne threats such as viruses and Trojans, the proportion of phishing emails had decreased by 3.2 percentage points to 60.2 percent of all email-borne malware and phishing threats combined.

Web security: Analysis of web security activity shows that 30.5 percent of malicious domains blocked were new in July, an increase of 0.2 percentage points since June. Additionally, 13.0% of all web-based malware blocked was new in July; an increase of 0.5 percentage points since last month. MessageLabs Intelligence also identified an average of 4,425 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 176.9 percent since June.

The July 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at here.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

17 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, internet scams, Internet Security Alerts, MessageLabs, Online Safety, Symantec, Windows Tips and Tools

17 responses to “Shortened URLs – One More Thing To Worry About

  1. haydoni

    That’s a really great point, and a nice post.

    The main place where these short urls are used (or at least have any obvious benefit) is on=f course Twitter – to keep your character count low. Is every person I follow on Twitter a “trusted source” – no. *gulp*

    I used* to use a Chrome extension which would display the full url (and maybe also a small page rendering) of the shortened url before I click on it… Is this something you would suggest using?
    (I guess a problem with most of these extensions is that they are third party…)
    Do you have any advice which isn’t “don’t click on shortened urls”?

    *I seem to have become more cavalier since then!

    • Hi Haydoni,

      I agree, there are benefits associated with short URLs. But, it seems to me, virtually all of the benefits accrue to web sites, and web developers – not average users. These people would have you believe otherwise, of course.

      I do endorse any tool which will display the full URL, and I thank you for bringing this point to readers attention. The reason i didn’t mention this in the article is – users would be better served if they stopped to consider the ramifications to their security of so called “helpful” tools like URL shorteners. Users need to learn to consider the risks.

      Personally, I refuse to click on a short URL. I’m adamant about that.

      Bill

      • haydoni

        Hi Bill,

        I think I’m going to have to not follow your advice on this one. I suspect that that twitter, and the like, along with short URLs are here to stay and will soon be, if they aren’t already, everywhere. I think we ought to embrace them somehow (but I don’t know how!)… Maybe browsers (rather than third party tools) ought to be displaying the final/extended link when you hover over any URL? There are surely better solutions…

        An interesting point to raise, considering what a short URL is, couldn’t any url be a short URL in disguise? I mean although I read a URL saying it is http://www.billmullins.wordpress.com (supposing I’d never been to that particular site) this could still direct me to http://www.killervirus.com, or whatever.
        Therefore, by your arguments, should your advice be: not to click on any URL which you are unfamiliar with?

        • Hey Haydoni,

          I don’t doubt for a moment that you’re right – “I suspect that twitter, and the like, along with short URLs are here to stay and will soon be, if they aren’t already, everywhere.” That however, increases the risk factor for a typical user. As I said earlier, shortened links have no advantage for the user, only for web sites or developers. As an Internet security professional, I absolutely do not think we should embrace shortened URLs, since they have the potential to be extremely dangerous.

          I like your suggestion that browsers should do all the work – sounds sensible. Again, you’re right – any link can be disguised, or redirected – one reason why one should not click unfamiliar links, particularly in emails. To increase the safety factor, one should use a link checker such as WOT, or AVG LinkScanner, which will advise the user on the the safety of a link. Personally, I use Norton DNS, which will block bad links when activated.

          One other alternative you may be interested in is, Google Safe Browsing. For example, to test my site you would enter the following into your browser address bar – http://www.google.com/safebrowsing/diagnostic?site=billmullins.wordpress.comand the following report would be returned:

          *What is the current listing status for billmullins.wordpress.com?*

          This site is not currently listed as suspicious.

          *What happened when Google visited this site?*

          Of the 3 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-07-19, and suspicious content was never found on this site within the past 90 days.

          This site was hosted on 3 network(s) including AS22576 (LAYER3), AS13768 (PEER1), AS16805 (LAYER3) .

          *Has this site acted as an intermediary resulting in further distribution of malware?*

          Over the past 90 days, billmullins.wordpress.com did not appear to function as an intermediary for the infection of any sites.

          *Has this site hosted malware?*

          No, this site has not hosted malicious software over the past 90 days.

          Bill

  2. Bill,

    Shortened URL’s – I concur with you 100 percent. I have never used them, never will… I know when I see one it has me second guessing. Great post idea!

    Rick

  3. poch

    This is surely one tool that hackers use to bait victims.

  4. Siam

    Nice article, Bill. Unfortunately, I also think shortened URLs are going to be with us for a long time. Social networking – including Twitter – are part and parcel of business nowadays. We use Twitter for our organization – but that’s only time I post or read them. And by necessity, we use shortened URLs. For those people who use Firefox, there are a number of extensions that can help to detect the real link. These include:

    Expand Short Url (https://addons.mozilla.org/en-US/firefox/addon/58517/)
    TheRealURL (https://addons.mozilla.org/en-US/firefox/addon/60152/)

    There are others as well. If you do a search for ‘URL’ on the Mozilla Firefox add-ons site, more will be listed. I haven’t used any of these, so I can’t vouch for their efficiency. But at least the issue is being addressed.

    Thanks again, Bill.

    • Hey Siam,

      You’re right of course. It’s impossible to hold back what’s perceived as “the tide of progress” – despite the fact, it may not be progressive. Sad, really.

      Thank you for putting together the list of extensions – very cool!

      Best,

      Bill

  5. Hi Bill

    Personally, I use an UntinyFox plugin in Firefox to reveal the real URLs.

    https://addons.mozilla.org/en-US/firefox/addon/10181/

    Regards,
    Dave K

  6. Pingback: Tweets that mention Shortened URLs – One More Thing To Worry About « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com