Tag Archives: infected webiste

Shortcut Express to Infected & Phishing Websites

URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter is a prime example), these URL are very practical…

For example, you’d spend 64 characters to point to Wiki’s article about URL shorteners: http://en.wikipedia.org/wiki/URL_shortening. With an URL shortener, you can cut that down to 16 characters: http://bit.ly/c1htE.

URL shorteners, however, can be used to hide the real target of a link. Cyber criminals appreciate this “feature” – and use it to hide links to phishing or infected websites. These services usually have terms and conditions comparable to TinyURL:

“TinyURL was created as a free service to make posting long URLs easier, and may only be used for actual URLs. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you may be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.”

Few seem to care about these terms, which are regularly flaunted in the pursuit of profit. Happily, however, certain services have started to filter shortened links through special services, even if this has so far failed to stem the flow of shortened SPAM URLs.

Below are statistics with the percentage of malicious links identified on 22 popular URL shortener services:

Phishing

Malware

# Shortener % Shortener %
1 tinyurl.com 41.30 k.im 27.87
2 bit.ly 15.29 notlong.com 27.05
3 r2me.com 12.04 tinyurl.com 18.85
4 snipurl.com 7.16 cli.gs 7.38
5 lu.mu 6.50 bit.ly 7.38
6 doiop.com 4.52 doiop.com 4.10
7 notlong.com 3.55 ad.ag 2.46
8 is.gd 1.93 is.gd 1.64
9 tiny.cc 1.81 tr.im 0.82
10 sn.im 1.69 snipurl.com 0.82
11 k.im 0.96 ow.ly 0.82
12 shorl.com 0.66 dwarfURL.com 0.82
13 tr.im 0.60 zi.ma 0.00
14 goo.gl 0.54 u.nu 0.00
15 ow.ly 0.48 tiny.cc 0.00
16 cli.gs 0.30 sn.im 0.00
17 u.nu 0.18 shorl.com 0.00
18 moourl.com 0.18 r2me.com 0.00
19 idek.net 0.12 moourl.com 0.00
20 dwarfURL.com 0.12 lu.mu 0.00
21 zi.ma 0.06 idek.net 0.00
22 ad.ag 0.00 goo.gl 0.00

Source: Avira Virus Lab, taken from the month of July, 2010.

Shortened Links Can Mask A Threat

To give you an example, would you click on the following link?

www.ssl-albion-netbank.com/143.027.902

Probably not… The bank’s made-up name and use of random numbers would rightly give you misgivings. However, under a shortened guise – http://goo.gl/mDNuMg – one would not know that it’s a phishing website (in this case, a dead link).

Recommendations:

The bottom line is that if you can, avoid clicking on shortened URL links. If you do need to click on shortened links, copy and paste the link into a link lengthener – such as http://longurl.org/, which displays the full version of the links without having to click on it (exists also as a browser extension for Chrome and Firefox).

Finally, we recommend you equip yourself with Avira’s free Browser Safety extension, also for Chrome and Firefox, which blocks infected websites before they load. To learn more about Browser Safety, visit Avira’s website here: https://www.avira.com/en/avira-browser-safety

The post Shortcut Express to Infected & Phishing Websites appeared first on Avira Blog.

Shortcut Express to Infected & Phishing Websites

URL shorteners are a relatively new Internet service. As many social services on the Internet impose character limitations (Twitter is a prime example), these URL are very practical…

For example, you’d spend 64 characters to point to Wiki’s article about URL shorteners: http://en.wikipedia.org/wiki/URL_shortening. With an URL shortener, you can cut that down to 16 characters: http://bit.ly/c1htE.

URL shorteners, however, can be used to hide the real target of a link. Cyber criminals appreciate this “feature” – and use it to hide links to phishing or infected websites. These services usually have terms and conditions comparable to TinyURL:

“TinyURL was created as a free service to make posting long URLs easier, and may only be used for actual URLs. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you may be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.”

Few seem to care about these terms, which are regularly flaunted in the pursuit of profit. Happily, however, certain services have started to filter shortened links through special services, even if this has so far failed to stem the flow of shortened SPAM URLs.

Below are statistics with the percentage of malicious links identified on 22 popular URL shortener services:

Phishing

Malware

# Shortener % Shortener %
1 tinyurl.com 41.30 k.im 27.87
2 bit.ly 15.29 notlong.com 27.05
3 r2me.com 12.04 tinyurl.com 18.85
4 snipurl.com 7.16 cli.gs 7.38
5 lu.mu 6.50 bit.ly 7.38
6 doiop.com 4.52 doiop.com 4.10
7 notlong.com 3.55 ad.ag 2.46
8 is.gd 1.93 is.gd 1.64
9 tiny.cc 1.81 tr.im 0.82
10 sn.im 1.69 snipurl.com 0.82
11 k.im 0.96 ow.ly 0.82
12 shorl.com 0.66 dwarfURL.com 0.82
13 tr.im 0.60 zi.ma 0.00
14 goo.gl 0.54 u.nu 0.00
15 ow.ly 0.48 tiny.cc 0.00
16 cli.gs 0.30 sn.im 0.00
17 u.nu 0.18 shorl.com 0.00
18 moourl.com 0.18 r2me.com 0.00
19 idek.net 0.12 moourl.com 0.00
20 dwarfURL.com 0.12 lu.mu 0.00
21 zi.ma 0.06 idek.net 0.00
22 ad.ag 0.00 goo.gl 0.00

Source: Avira Virus Lab, taken from the month of July, 2010.

Shortened Links Can Mask A Threat

To give you an example, would you click on the following link?

www.ssl-albion-netbank.com/143.027.902

Probably not… The bank’s made-up name and use of random numbers would rightly give you misgivings. However, under a shortened guise – http://goo.gl/mDNuMg – one would not know that it’s a phishing website (in this case, a dead link).

Recommendations:

The bottom line is that if you can, avoid clicking on shortened URL links. If you do need to click on shortened links, copy and paste the link into a link lengthener – such as http://longurl.org/, which displays the full version of the links without having to click on it (exists also as a browser extension for Chrome and Firefox).

Finally, we recommend you equip yourself with Avira’s free Browser Safety extension, also for Chrome and Firefox, which blocks infected websites before they load. To learn more about Browser Safety, visit Avira’s website here: https://www.avira.com/en/avira-browser-safety

The post Shortcut Express to Infected & Phishing Websites appeared first on Avira Blog.