Shortened URLs Becoming Hot Targets for Malware Attacks

Fortinet cautions on using URL Shortening Service as it enables criminals to obfuscate malicious links that infects user’s system

MALAYSIA, 14 November 2011 – Avid Internet users of Twitter and other social networking sites are advised to be cautious when using URL shortening services which offer a convenient way to package and transmit long and unwieldy Website addresses to specific recipients.

Fortinet Inc, a worldwide provider of network security appliances and the market leader in unified threat management (UTM), has warned in its latest October Threat Landscape report that using URL shortening services exposes users to malware attacks.

When a user clicks on a shortened link, he or she is quickly redirected to the Website’s original address. Because URL shortening services are able to reduce the number of characters in a typical Web address, they’re a favorite among Twitter users. They’re also frequently used for email purposes, because some email applications have the tendency to break longer links during transmit or arrival. Unfortunately, the benefit of a URL shortening service is also its biggest weakness, as the service enables criminals to obfuscate malicious links that can infect a user’s system.

Historically, Fortinet has always recommended that users place their cursor over a questionable URL before clicking on it to see if that link is actually being redirected to a questionable page. However, this safety measure is not applicable to shortened URLs. There’s no sure fire way to tell in advance when a user clicks on a shortened URL if they are about to be redirected to a malicious site.

“Advances in anti-spam techniques are catching much of today’s shortened link malware,” said Derek Manky, senior security strategist at Fortinet. “However, we’re now starting to see malicious software creators creating their own URL shortening services to circumvent the latest spam detection technology. This is yet another example of crime as a service (CaaS) that cybercriminals offer,” added Manky.

One way to determine if a shortened URL is pointing to a malicious site is to look at the domain at the end of the link. Most observed malicious URL shortening services have been recently using the .info domain. Another way to tell if a shortened URL is redirecting to a malicious site is to paste the questionable link into a URL filtering tool, such as Fortinet’s URL Lookup. Finally, a proper Web filtering solution helps to protect against URL shortening services since the full domain is still resolved and checked.