Symantec: Spammers Creating Fake URL-Shortening Services


Essential Member
With the advent of Twitter driving the popularity of URL shortening services like, TinyURL, and, it was inevitable that some enterprising spammers would cash in on the trend. According to Symantec, that's exactly what they're doing.

According to Symantec's May 2011 MessageLabs Intelligence Report, spammers are using bogus URL shortening services to redirect users to sites loaded with spam, malware, and other nasty stuff. The new attack method has contributed to rising spam rates, with Symantec's report indicating that 30 percent of emailed malware contained links to nefarious sites, an increase of 16.9 percent since April 2011. Symantec's report also pointed out that "the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8 percent (1 in 1.32 emails)." Some other interesting tidbits from the report: Russia was the most spammed country with a spam rate of 82.2 percent, while Canada, the US, and the UK hovered around 75 percent (75.3%, 76.4%, and 75.4%, respectively).


In a statement announcing the news, Symantec MessageLabs Intelligence Senior Analyst Paul Wood explained the nature of the threats in more detail. "MessageLabs Intelligence has been monitoring the way that spammers abuse URL-shortening services for a number of years using a variety of different techniques so it was only a matter of time before a new technique appeared," Wood said. "What is unique about the new URL-shortening sites is that the spammers are treating them as ‘stepping stones’ – a link between public URL-shortening services and the spammers’ own sites."

Does this latest security news make you reconsider using URL shortening services? Let me know what you think by adding a comment to this blog post or by starting up a conversation on Twitter.

Source: Link Removed - Invalid URL
Last edited:


Essential Member
Security experts at Symantec are warning that spammers are building their own URL shortening services, which they use in combination with
legitimate shortening services to trick users of Twitter and social networks to visit their web sites.

The firm's MessageLabs Intelligence Report for May 2011 found that the new developments have led to a 2.9 per cent increase in spam during the period.

Symantec explained that, rather than include the shortened links created on these fake URL shortening sites, spammers build shortened URLs created on legitimate shortening sites like bitly which, if clicked, lead to a shortened URL on the spammer's fake URL-shortening web site.

This in turn will
redirect to the spammer's web site, according to Symantec.

Date: 24 May 2011;

Link Removed - Invalid URL


Essential Member
For the first time ever, spammers have established their own their own fake URL-shortening services to perform URL redirection, Symantec said.

This new spamming activity has contributed to May’s increase in spam by 2.9 percent.

Under this scheme, shortened links created on fake URL-shortening sites are not included directly in spam messages.

Instead, the spam e-mails contain shortened URLs created on legitimate URL-shortening sites.

These shortened URLs lead to a shortened-URL on the spammer’s fake shortening site, which redirects to the spammer’s own Web site.

These new domains were registered several months before they were used, potentially as a means to evade detection by legitimate URL-shortening services since the age of the domain may be used as an indicator of legitimacy making it more difficult for the genuine shortening services to identify potential abuse.

Source: Link Removed - Invalid URL