Commentary

Where Does That Short URL Lead?

spam emails

How many spam emails do you get daily? Spam emails account for approximately 88.9% of emails sent in June, down 0.4 percentage points, sequentially. One in 306.1 emails got blocked as malicious, down 0.04 percentage points, and 17.1% of email-borne malware contained links to malicious Web sites. That's the rundown from the MessageLabs Intelligence Security Report, July 2010.

The amount of spam dropping slightly represents good news for marketers trying to get their emails past spam filters, and opened and read on desktops and mobile devices. The bad news is spammers have moved on. Now they attach pesky code to short links.

shortened urls

During the past year the percentage of spam containing shortened hyperlinks increased significantly, up 18%, or 23.4 billion spam emails, as of April 2010. This doubled from the prior year when spam with shortened hyperlinks accounted for 9.3%, more than 10 billion spam emails, as of July 2009.

Daily activity has increased, too. In Q2 2009, shortened hyperlinks only appeared one day in more than 1 in 200 (0.5%) of spam messages. Fast forward one year later and there were 43 days when at least 1 in 200 spam messages contained shortened hyperlinks and 10 days where at least 5% of all spam contained these links.

The shorten links also reveal the Storm botnet, which returned in May 2010, was responsible for the greatest volume of botnet spam containing short hyperlinks, accounting for 11.8% of all spam with shortened hyperlinks. MessageLabs Intelligence also found that on average one Web site visit is generated for every 74,000 spam emails containing a shortened URL link. The most frequently visited shortened links from spam received more than 63,000 Web site visits.

Paul Wood, senior analyst at MessageLabs Intelligence, says the team looked at malicious hyperlinks related to some of the more popular social networking and micro blogging sites, but findings will come in a separate report not yet finalized.

The analysis for the most recent July report was based on URLs that appeared in spam emails, notably those related to a URL shortening service. These are often the same services popularly used on sites like Twitter, but MessageLabs Intelligence did not investigate the URLs shared on Twitter or other social media sites for this report.

Free services that shorten links, allowing people to add additional information in Twitter posts, grew in popularity among spammers. The links are legitimate, but disguise the URL destination. It's easy to use URL shortening services, as users do not need to register to create an account first. This unfortunately makes it all the easier for spammers to abuse, Wood says.

In an earlier Search Marketing Daily post, readers looked for definitions of malware and other malicious code. Symantec employee Marissa Vicario took a look at different types of email message that contain a variety of malicious code, such as general spam, phishing, malware, and targeted attacks. Similar to before, each has a distinct pattern of its own. She says Malware is different from general spam as the aim is not to take money, at least not directly, but rather install code on the victim's machine that can then allow the hacker to do nearly anything. The machine could turn into a botnet for spamming or be used to monitor the user's traffic and steal information, she explains.

Vicario also suggests the words in emails used to lure consumers tend to take an informational tone, explaining the recipient has received a message, or there is something wrong with their account. Anything that could convince him or her to visit a link to a Web site hosting malicious code, where cyber criminals attempt to infect the PC using a drive by download, or to open and run an attachment. Phishing uses some of the same words similar to malware, like "account" or "mail," but looking at the whole we see a pattern geared much more toward personal information. Words like address, form, personal, error, inconvenience, security. These are all words that when put together start to paint a picture of a typical phishing scheme. The advice should help advertisers, marketers and consumers distinguish the good from the bad.

2 comments about "Where Does That Short URL Lead?".
Check to receive email when comments are posted.
  1. Jamie Gorman, August 4, 2010 at 9:11 p.m.

    Using bit.ly you can customize your short url. Does customizing it help keep you out of the spam filters or would the filter on the "bit.ly" part?

  2. Chris Nielsen from Domain Incubation, August 4, 2010 at 10:52 p.m.

    I am not aware of any services that flag short URLs as spam, but if there are some that only spammers use I would not be surprised. Flagging bit.ly would lead to many false positives.

    Some of the better short URL sites have an option where you can put in the short URL and see what it willl take you to before you use it.

    Great article to raise awareness of this topic, but I have a couple of things to add:

    1) Most short URLs used in SPAM can be reported to the site that offers the link. If you get spam with something like www.bit.ly/xu7ydt you can report the spam at www.bit.ly/. NEVER click on a spam link or any link you are not sure of. Reporting the link will generally alert the site owner and they will disable the link. If there is no way to report the link to the site owner, you can report the site since the link for their site is being promoted via spam. It is not common, but the spammer may own the short URL site to avoid having their links deleted.

    We reported one short URL last week that was used to take people to a "Click Bank" site. Clickbank.net does not allow their products to be promoted via spam and after we reported it the account of the spammer was closed.

    2) Making short URLs does NOT take anything fancy, expensive, or very technical. Most webmasters can create one for you in about 30 seconds and if you give them a minute or two they can add some features like tracking so you can see how many times the link has been used or the referrer site that had the link that was clicked if it was on a site.

    Creating your own short URLs not only keeps anything from happening to them, it also looks more professional since it's hosted on your domain or one under your control. Registering a domain just for this use, something like MediaPostURLs.com is not that long and helps to market your brand.

Next story loading loading..
About the Author

Laurie Sullivan is a writer and editor for MediaPost. You can reach Laurie at lauriesullivan@gmail.com.