• silicon.com
• Technology
• Security

By Elinor Mills, 8 July 2009 10:53

NEWS

Email security provider MessageLabs said on Tuesday it saw a dramatic spike in the number of spam emails that include shortened URLs.

Shortened URLs, which allow spammers to hide the real web address from web surfers and are commonly used on social media sites like Twitter where message character length is restricted, began a sharp rise last week and now appear in more than two per cent of all spam caught in the company's spam trap, according to MessageLabs.

Matt Sergeant, a senior anti-spam technologist at MessageLabs, said: "Usually when we see a spike of this nature it tends to indicate that a spammer has found some method of automating the creation of these short URLs."

The many URL shortening services make it more convenient to post long URLs on sites like Twitter but they also make it easy for attackers to lead web surfers to sites hosting malware.

A major spam botnet called Donbot has aggressively moved to using this technique, Sergeant said. Donbot appears to be primarily focused on displaying advertisements but could be linking to sites that drop malware onto visitors' computers too, he said.

Spam-filtering software can block spam from getting into inboxes and programs like Long URL Please and shortText make it easy to see what the real URL is.