Spammers create their own URL shortening services

Discussion in 'malware problems & news' started by ronjor, Oct 25, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    https://www.infoworld.com/d/security/spammers-create-their-own-url-shortening-services-177088
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks Ron for this.

    What is your advice for users regarding shortened URLs in general -- use a service to view the entire URL, avoid them, click anyway?

    thanks,

    -rich
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Avoid them.

    Shortened links are in use everywhere these days. Twitter for instance. While most of these shortened links may be perfectly legitimate, it trains users to "click away" and of course, the crooks will take advantage of any way possible to trick computer users.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I agree.

    But it's becoming difficult to insist on that as a firm policy since even in legitimate articles, web masters are using shortened URLs to link to other information, and users want to follow the link.

    When I see that, I send an email to the web master.

    regards,

    -rich
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Good idea.

    I personally think using a shortened url is a sloppy way to provide a link in this day and time.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Agreed, but some sites make things difficult, using automatic programs to generate URLs. How about this:

    Yes, that is a legitimate URL, and this is not uncommon.

    A friend sent me a similar usda.gov URL and had to shorten it because her email program broke the link in 4 places with line breaks!

    regards,

    -rich
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    She could send the email and link in plain text. If you copy and paste the link in your browser, it should work.

    The real question is, why does that link have to be so long? :D
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I do not know. Search engines do the same thing:

    (I had to put in some line breaks so the window width wouldn't be too wide)

    regards,

    -rich
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Not being a programmer, I can only assume, those long links contain the information needed by the marketing or programming department of whatever site uses them. A form of tracking of people, places, and things if you will.
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    I don't either and maybe someone can explain it.

    Link shortening is used on links that really have no need to be shortened in my opinion.

    Using plain text mail is one way to eliminate some of the problems and risks associated with HTML mail.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I never click on shortened URLs. If someone wants me to see a site, they had best not send to to me this way. There is nothing that uses them that is important enough to see.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I'd use entire URL service and URLVoid for unknown sites. Not any more dangerous than other URLs this way.
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Not just the usual culprits either :p Yes it's good in one way, as it checks the www's first for Malware etc :thumb: But as been intimated :thumb: it gets people normalised into bad habits = :thumbd:

    McAfee Secure URL Shortener & expander

    http://mcaf.ee/b1d069

    mcaf1.gif

    http://mcaf.ee

    mcaf2.gif

    *

    Here's an AddOn for FF that Undoes the naughty deeds ;)

     
  16. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Clicking on a shortened URL, without first checking it, is akin to "Russian Roulette" surfing, effectively one is saying "take me where you will"...it's a huge risk, but I suspect over 90% of users are totally unaware of the dangers involved.
    The reality is, that one's own awareness and practices are the first line of defence. The criminals are very innovative and ruthless in their "quest" and the weakest and most vulnerable are their number one target.
    This is a very interesting and growing phenomenon, and thanks for posting this ronjor :thumb:
    URLvoid have an expanding service here : http://www.urlvoid.com/extract-url/
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Thanks for the new services.
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    There is a similar danger in clicking on a hyperlink like this:

    Wilders Security Forum

    Would you click on this link in an email message, or on some blog or chat room site?

    If users' browsers don't display the URL when hovering the mouse over the hyperlink so they can check, users can't be sure where they will end up when they click.

    regards,

    -rich
     
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Hi Rmus, for an hyperlink like you showed, I'll hover over, and see what's displayed above the taskbar before deciding, thanks....I certainly wouldn't go to Google :D Thanks, Dermot :thumb:
     
  20. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    You and probably most who frequent Wilders!

    But I'm thinking of the 90% mentioned above, and this trick has been very successful in the past. One was a paypal scam, where the email had a legitimate link to the paypal login page.

    Hovering the mouse over the link reveals that it is not legitimate, and sends the user to a fake paypal login page:

    paypalphish.gif

    Here is another example of a legitimate link -- using the Wilders URL instead of just the name Wilders as I did above.

    https://www.wilderssecurity.com

    regards,

    -rich
     
  21. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  22. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Last edited: Oct 30, 2011
Loading...
Thread Status:
Not open for further replies.