Slashdot Mirror


Spammers Establish Fake URL-Shortening Services

Orome1 writes "Spammers are establishing their own fake URL-shortening services to perform URL redirection, according to Symantec. This new spamming activity has contributed to this month's increase in spam by 2.9 percentage points, a rise that was also expected following the Rustock botnet takedown in March. Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's own Web site."

19 of 99 comments

  1. Good news, no? by greichert · · Score: 4, Interesting

    So if you block the fake URL-shortening domain with an "ad-blocker" or at the browser level (à la Google Chrome), you avoid pretty simply the redirection to the spam site, without having to block the legitimate URL-shortening sites. Or am I missing something?

    1. Re:Good news, no? by WrongSizeGlass · · Score: 3, Informative

      Or am I missing something?

      What we're all missing is the list of these fake URL-shortening sites. Neither the article nor the full PDF listed them.
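The redirect chain described in the summary (legitimate shortener, then the spammer's own shortener, then the spam site) can be flagged without a published list of the fake services. The following is an added example, not part of the original thread or of Symantec's report: the allowlist, the short-link heuristic and every `example.*` URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a locally maintained allowlist of shorteners you recognise.
KNOWN_SHORTENERS = {"tinyurl.com", "bit.ly", "goo.gl"}

# Constructed redirect table standing in for HTTP 301/302 Location headers,
# so the example runs offline. A live checker would read the Location header
# of each response itself instead of letting the HTTP client auto-follow.
REDIRECTS = {
    "http://bit.ly/abc12": "http://short.example.net/x9",
    "http://short.example.net/x9": "http://pills.example.org/buy?id=7",
    "http://tinyurl.com/q1w2e": "http://news.example.com/2011/05/story.html",
}

def follow(url, redirects, max_hops=5):
    """Return every URL visited, stopping on a loop or after max_hops."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        if nxt in chain:  # redirect loop
            break
        chain.append(nxt)
    return chain

def looks_like_short_link(url):
    """Heuristic: one short path segment and no query string."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    return len(segments) == 1 and len(segments[0]) <= 10 and not parts.query

def classify(url, redirects=REDIRECTS):
    """Label a link by what sits between the first hop and the landing page."""
    chain = follow(url, redirects)
    if urlsplit(chain[0]).hostname not in KNOWN_SHORTENERS or len(chain) < 2:
        return "not-shortened", chain
    # Intermediate hops are everything after the first URL and before the last.
    for hop in chain[1:-1]:
        host = urlsplit(hop).hostname
        if host not in KNOWN_SHORTENERS and looks_like_short_link(hop):
            return "chained-unknown-shortener", chain
    return "no-unknown-intermediate", chain
```

The intermediate host returned in the chain is the domain a mail filter or browser-level blocklist would act on, which leaves the legitimate shortener untouched.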

  2. It was to be expected by Pegasus · · Score: 4, Interesting

    I always found url shortening to be a weird and potentially dangerous practice. Trading some comfort to squeeze your link into a tweet for the comfort to actually predict where this link will take you? No thanks. If url does not fit into a tweet, then it's a tweeter problem that tweeter should fix. That's also why I don't use tweeter. I find IRC superior :)

    1. Re:It was to be expected by erikdalen · · Score: 4, Interesting

      I've seen URL shortening used in print magazines for quite a long time as well though. Where it makes sense as you have to type the URL by hand to visit it. So Twitter isn't the only use case.

      --
      Erik Dalén
    2. Re:It was to be expected by stonewallred · · Score: 2

      It is 2011, who clicks on blind links in emails from people you don't know, or do know for that matter?

      There are 4 people who can send me an email with a link that I will click without at least googling it first.

      3 of them are IT professionals for major corporations, and the other is a security nut.

    3. Re:It was to be expected by jez9999 · · Score: 2

      What is tweeter?

    4. Re:It was to be expected by Anonymous Coward · · Score: 3, Funny

      The opposite of a woofer. Or if you remember Beavis and Butthead... it's the name for the genitalia of a praying mantis. :)

    5. Re:It was to be expected by kyrio · · Score: 4, Insightful

      The problem is that nearly every computer user clicks on random links. The people who actually know how to use a computer are a very small amount of the total computer users.

    6. Re:It was to be expected by Mr_Silver · · Score: 2

      I always found url shortening to be a weird and potentially dangerous practice. Trading some comfort to squeeze your link into a tweet for the comfort to actually predict where this link will take you?

      To be fair, it's not just Twitter's fault.

      It's also the fault of websites who come up with insane 350 character URLs and email clients that attempt to word-wrap the aforementioned 350 character URL and manage to make the hyperlink unclickable.

      Oh and Slashdot coders who include the number of characters in between < and > as part of the overall word count for your signature.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
  3. call me overly paranoid, but... by thomasdz · · Score: 4, Insightful

    I've never trusted ANY of the URL shortening services. In this age of cut-and-paste, for the most part (except for twitter) *I* really don't see the need for them. (note, I said "*I* don't see any need for them"...it's an opinion...don't flame me for an opinion)
    I've been goatse.cx-ed on Slashdot too many times, I guess! :-)
    When I see a short URL (even those short valid ones from Reddit's imgur.com), red flags go off in my brain. (yeah that hurts)

    --
    Karma: Excellent. 15 moderator points expire sometime.
  4. TinyURL by The MAZZTer · · Score: 5, Informative

    You can mitigate this on TinyURL by using this.

    1. Re:TinyURL by freedumb2000 · · Score: 3, Insightful

      That should really be the default setting.

    2. Re:TinyURL by dmomo · · Score: 2

      Should be, but it just doesn't go over well. I tried that with SoCuteUrl and got a number of emails asking to change it back. I do allow users to set a cookie so that they always go to preview first, but most people don't know it exists.

      One additional benefit this practice could have, though, is to make it harder for people to use the service for SEO, since it would not resolve to the spammy page.

  5. Re:Who cares about spammers by erroneus · · Score: 2

    It's a question of what scope you care about.

    Many "netizens" care about the entire internet and all of its users [to a degree]. As for myself, I don't give it much thought since, like you, I don't have a problem as my methods, manners and technologies keep me clear of such problems. But in the interests of goodness and justice, I still care about the idiots, morons and unwashed out there who simply don't [care to] know any better. The scum out there needs to be killed.

  6. Re:Who cares about spammers by Anonymous Coward · · Score: 2, Insightful

    Can't tell if trolling or just stupid.

    My gmail account (about a year old, very odd spelling, probably not randomly targeted) gets around 100 per day, 99 of them get filtered.

    My work email (firstinitial.lastname@) gets around 500 per day, filter manages to take out almost all of them.

    Yet I am still a spam victim, and so are you.
    Our corporate mail server only serves about 300 non-alias email addresses. Some of our sales people and executives get upwards of 2000 spam messages a day, and though we are able to filter fairly effectively, thus mitigating the immediate impact to our users; the cost of fighting the spam, upkeep on the filters (1 false positive is worse than 100 spam getting into the inbox) the cost of the appliances, the cost of the rack space, cooling, electricity, etc....

    The secondary cost of spam is MASSIVE.
    For you it causes higher prices for internet, but it also causes the entire internet to run slower. WAY slower. Because while 100 spam messages would download to me in a few seconds and take a few more seconds to delete (or less because it got filtered) the approximately 55 BILLION spam messages that are sent each day comprise 70-80% of emails sent per day.

    Hell, go ahead and take it to the PER USER level on costs. Just like text messages, my phone's internet is cost per unit. A spam email uses some quantity of that unit. Thus a spammer sending me a spam email (that makes it through the filter) costs me that money directly.

    Also, as has been said many times before: Spam is not passive, it's active.
    IT COSTS ME MONEY EVERY TIME I GET SPAM.

    My two choices are "Pay for the spam" or "Don't use any email ever".
    If I gave you the choice of paying me 5 pence every time I call you (even if you don't answer) or never again using any form of electronic voice communication (so as to catch any type of VoIP) you'd want me charged with extortion.

    tl;dr -
    spam uses data -> you pay for data used -> you're a spam victim.
    spam costs me money against my will, without being a government agency (they take my money all the damn time) = THEFT

  7. Re:Who cares about spammers by Tony Isaac · · Score: 2

    Who cares?

    Parents! Teenagers are really bad at distinguishing between real and fake. They just click on anything that pops up to make it go away, and they click e-mail links because they look interesting.

    Also, computer illiterates, especially older people. My brother-in-law bought something called "Win Anti-Virus" because he got spam telling him that his anti-virus software was out of date. He didn't realize that it wasn't "Norton" Anti-Virus, and that "Win Anti-Virus" is actually a scam.

    If you look at spam victims as idiots who deserve to be taken, then I see your point. But if they are people you care about, things look a little different.

  8. Something like that? by kill-1 · · Score: 2

    Something like shadyurl.com? This has always been one of my favorite URL "shorteners".

  9. Shorteners Could Be a Trap by sherriw · · Score: 2

    I always wondered what if a not so scrupulous person set up a url shortening service that operated legitimately for a while getting itself spread all over the web. Then one day they change it so that all the urls now point to a frame with the target site surrounded by ads. It would be mostly too late to stop it, and the terms could be along the lines of "we reserve the right to do anything we want with shortened urls".

    It drives me mad when I see URL shorteners used in places that do not have a space limitation. Like on a regular website. I get the point of using it on twitter or txt messages, but on a blog or website? Ug. It's killing the web.

  10. explain to me by Gnaythan1 · · Score: 2

    why are we not prosecuting the advertisers themselves for fraud? who the hell gives these people money to make this multi-headed, nested box, country jumping, spam monster?

    Doesn't it boil down to one end getting spam, and the other end getting money? If there is a way for money to transfer to that end, then there should be a way for people to find that end, and then charge them five times whatever money they made in fines.

    Stop hitting HOW they spam, and start hurting WHY.