Shortened URLs spike in e-mail spam

E-mail spam that includes truncated Web addresses sees a dramatic increase very recently, security provider MessageLabs says.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

July 8, 2009 6:24 a.m. PT

This graph show the sharp rise in the number of spam e-mail messages sent recently that include short URLs. MessageLabs

In yet another piece of anecdotal evidence of the increasing threat from shortened URLs, e-mail security provider MessageLabs said on Tuesday it saw a dramatic spike in the number of spam e-mails that include truncated Web addresses.

Shortened URLs, which allow spammers to hide the real Web address from Web surfers and are commonly used on social media sites like Twitter where message character length is restricted, began a sharp rise last week and now appear in more than 2 percent of all spam caught in the company's spam trap, according to MessageLabs.

"Usually when we see a spike of this nature it tends to indicate that a spammer has found some method of automating the creation of these short URLs," said Matt Sergeant, a senior antispam technologist at MessageLabs.

The many URL shortening services make it more convenience to post long URLs on sites like Twitter, but they also make it easy for attackers to lead Web surfers to sites hosting malware.

A major spam botnet called Donbot has aggressively moved to using this technique, Sergeant said. Donbot appears to be primarily focused on displaying advertisements, but could be linking to sites that drop malware onto visitors' computers too, he said.

Spam-filtering software can block spam from getting into inboxes and programs like Long URL Please and shortText make it easy to see what the real URL is.