Application security

Amount of spam with shortened links nearly doubles

Spammers increasingly are abusing free online link shortening services, resulting in a significant increase in the amount of spam containing shortened links over the past year, according to a Symantec report released Thursday.

The amount of spam containing shortened links peaked in April and represented 18 percent of spam, or 23.4 billion messages, states Symantec's July 2010 MessageLabs Intelligence Report.

This figure is nearly double last year's peak levels, when shortened links were present in 9.3 percent of spam, or the equivalent of more than 10 billion spam emails worldwide.

The average overall volume of spam containing shortened links also hasincreased compared to last year, indicating that the use of shortenedURLs has become a sustained spamming tactic, rather than a techniquethat occasionally is used, the report states. During the firsthalf of 2010, one in 76.3 emails contained a shortened URL, compared toone in 1,769 emails during the first half of last year.

Free link shortening services are popular among spammers because they disguise the actual destination of a URL but are trusted, the report states. Additionally, many URL shortening services do not require users to register or complete a CAPTCHA to use their services.

“As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited,” Paul Wood, a MessageLabs Intelligence senior analyst for Symantec Hosted Services, said in a statement. “When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam based on the reputation of the domains found in the spam emails.”

Some link shortening services have instituted security controls to counter the epidemic. For example, anti-virus firm Sophos recently partnered with to provide visibility into infected websites through its behavior detection capabilities, search engine partnerships and anti-spam honeypots. The Symantec report also found that the orchestrators of the Storm botnet, which resurfaced earlier this year, are responsible for much of the spam containing shortened links. As much as 11.8 percent of all spam containing shortened links can be attributed to the notorious network of compromised computers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.