Sites like Tinyurl.com and Bitly.com are the go-to places for Tweeters who do not want long URLs to eat up their typing space. However, shortened URLs have a second, more insidious use. They allow spammers and hackers past the old email filters and into your inbox.
Most email anti-spam engines were created before the use of embedded URLs in emails, not to mention shortened ones. Most anti-spam programs try to trace back the URL to see if the site is dangerous. However, a shortened URL can be used by hackers two ways.
The first way is simple. They plug the site they want you to get directed to into one of the known and trusted URL shortening sites available for free to the public. Because the URL shortening site is trusted, the link is trusted. However, the link does not take you to the URL shortening site; it takes you where it was originally directed.
Secondly, hackers get even more creative. Once the anti-spam filters get around the URL shortening sites, as some have done, hackers create their own URL shortening sites. Essentially, they shorten a site that’s already shortened. So, when you click on the link, you get redirected not once, but twice. The first redirection is safe, the next is a hackers.
This was “yet another example” of cyber-criminals adopting new technology to bypass traditional security measures, said Bradley Anstis, vice-president of technical strategy at M86.
“A lot of the traditional anti-spam engines were developed before Twitter, so they are not geared up to recognize embedded URLs as seen in blended email threats in spam, let alone shortened URLs that link to malicious, or compromised Web pages,” Anstis said.
Some frightening statistics:
In May 2011, the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8% (1 in 1.32 emails).
The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 222.3 emails (0.450 percent) in May, a decrease of 0.143 percentage points since April. (From Net-security.org)
So, what can you do to protect yourself? For one, never click on an email link if you do not trust the sender. Two, even if you do trust the sender, try to get to the link organically, meaning follow the normal method. If you are checking on a shipment, go through the main website instead of clicking on the link. These simple tricks will help to keep your computer and information safe from hackers.
This Guest post is by Christine Kane from internet service providers. She is a graduate of Communication and Journalism. She enjoys writing about a wide-variety of subjects for different blogs. She can be reached via email at: Christi.Kane00 @ gmail.com.
Here’s a super tip from anarchy4ever – “Some people may call me paranoid but I NEVER click on shortened url links. People should use url enlarger sites such as this one:
Just a personal observation – anarchy4ever is far from being paranoid – sounds like a very sensible solution.
Kate Middleton Nude – As If!
I’m an easy mark when it comes to pomp and circumstance, so like millions worldwide, I just finished watching the Royal Wedding. An impressive occasion, to say the least. Now, I need to relax and get over my Royal Wedding media hangover.
The media frenzy surrounding the wedding is likely to remain at a fever pitch far into the future however, as will the level of cyber criminal activity hooked on to Prince William and Kate Middleton. Hardly surprising, when one considers the size of the “market”. Scoping out “the royal wedding” on Google returns an amazing 53 Million search results – and cyber crooks love a big market.
Cyber crooks don’t miss a trick when it comes to leveraging events surrounding popular personalities, and along with the usual schemes – inbox spam, phony search results, Twitter and Facebook misdirection …….., – Kate Middleton comment spam, as illustrated by the following examples posted here in the last few days, has not been neglected by these parasites.
kate middleton naked
188.8.131.52 – Submitted on 2011/04/27 at 12:19 am
Clicking on the link leads to a 90 MB compressed download hosted at Easy Share. I have no doubt that downloading this file would lead to a very painful experience.
This is actually my personal complete nude and semi-nude picture collection of Kate Middleton I collected over the last 10 weeks. http://www.megaupload.com/?d=8KKIJIWT Caution: Don’t leak this pack outside of this website or I will eliminate this comment and also chase you down to hell!
Clicking on this link leads to a similar 90 MB compressed download.
prince william wedding
184.108.40.206 – Submitted on 2011/04/27 at 12:19 am
Download and view this entire pic series of Kate Middleton along with pretty much all the unclothed as well as naughty images one can locate on the world wide web. http://www.fileserve.com/file/xnj2k2Q Caution: Don’t leak this pack outside of this site or I will delete this post and hunt you down to hell!
A similar set up – clicking on the link leads to a 90 MB compressed download.
If you’ve ever wondered why comments on this site, and many other sites for that matter, are held for moderation by a site administrator, the simple answer is – comment spam, as illustrated, can be extremely dangerous.
The amount of time required to effectively control comment spam is not insignificant. For example, since I first setup this site, I’ve dealt with over 55,000 spam comments.
Conservatively, it takes 10 seconds to check each spam comment (spam filters are not perfect) – that amounts to 152 hours, or 4 plus weeks, of wasted time. Needless to say – I consider comment spammers to be far down on the human evolutionary scale.
Same old – same old:
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Filed under Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, internet scams, Internet Security Alerts, Malware Alert, Online Safety, Software, spam, Windows Tips and Tools
Tagged as Bill Mullins, comment spammers, cyber criminals, cyber-crooks, Kate Middleton, phony search results, Prince William, royal wedding, spam, Tech Thoughts