Softpedia >News >Security
Softpedia Homepage   

URL Shortners Increasingly Used in Spam

TinyURL and k.im preffered by phishers and malware distributors

Jul 19, 2010 16:11 GMT  ·  By
URL services increasingly abused by cybercrooks
   URL services increasingly abused by cybercrooks

Security researchers from German antivirus vendor Avira, warn that the use of URL shortening services in spam is on an ascending trend. According to data gathered by the company, tinyurl.com is the most abused URL shortner when it comes to phishing attacks, while k.im is preferred for malware distribution.

Created in 2002, TinyURL was the first URL shortner used en mass. It was the service of choice for Twitter users until 2009, when the microblogging website replaced it as its default shortner with Bit.ly. However, despite its market share having dropped considerably, TinyURL is still the most abused service when it comes to phishing attacks.

According to Avira's figures, TinyURL accounts for 41.30% of shortened URLs leading to phishing pages. Bit.ly, which is the most widely used service, comes second with 15.29%, while 4r2me.com's takes the third spot with a rate of .04. Snipurl.com (7.16%), lu.mu (6.50%), doiop.com (4.52%), notlong.com (3.55%), is.gd (1.93%), tiny.cc (1.81%), sn.im (1.69%) fill the rest of the top ten positions.

When it comes to URLs pointing to malware, the stats are quite different, suggesting that phishers and malware distributors don't have the same taste in URL shortners. The services occupying the first two places, k.im and notlong.com, are almost tied with 27.82% and 27.05% respectively. TinyURL is third with 18.85%, and cli.gs (7.38%), bit.ly (7.38%), doiop.com (4.10%), ad.ag (2.46%), is.gd (1.64%), tr.im (0.82%), snipurl.com (0.82%), follow.

Avira monitors a list of 22 URL shortners, but some of them have not registered any abuse in one category or the other. There are some very curious cases like ad.ag, which hasn't hosted any phishing page according to the stats, but took the seventh place in the malware list. The exact opposite happened with r2me.com, which scored third for phishing and zero for malware. Others like lu.mu, cli.gs, tiny.cc are in similar situations.

These services usually have terms and conditions […]. Nobody seems to care about these terms, considering the amount of shortened URLs we see abused in illegal activities. At least, some of these services have started filtering all shortened links through special services. Overall, we see more and more SPAM using shortened URLs, anyhow,” Sorin Mustaca, manager of international software development, commented.

You can follow the editor on Twitter @lconstantin