Boom in URL Shorteners Equals Boom in Malware and Spyware

In theory, URL shorteners make perfect sense in the world of the 140 character status update popularized by Twitter and used heavily by other social networks. It is commonly accepted that shorter headlines and copy tend to have greater pull with the average user than their longer counterparts. At the same time, URL shorteners could be the Achilles Heel that brings about Facebook’s downfall.

But first a brief lesson on how URL shorteners work. By truncating an otherwise lengthy 200 character URL into a short, compact 40-50 character string,  these tweets, short messages, and micro blog updates have more room for other useful stuff, like emoticons or tags.

As an example a possible message over Facebook’s private message system might look like:

Is this you? What happened to your clothes? http://tiny.url/example.

This has increased the ease with which users direct each other to their favorite content. Such tools have become commonplace with Twitter adopting the use first of Tiny.url and currently of Bit.ly. Even Google has gotten into the game with its own shortner.

Now here is where the trouble starts. Enterprising (or dastardly, depending on your point of view) URL shortener marketers have resorted to coupling linkbait-style snippets with links to malware sites. Clicking on a link can send the user to a page where malware, a trojan, or a virus is installed on the user’s computer.

The result? You might get an ad for colon cleansing, a business opportunity CPA offer, or an offer for a free Apple iPhone, courtesy of your friend, or even your BFF. Or you might end up infecting your computer with something more malicious like a keylogger. With a chain reaction of malware installs and redirects to CPA offers, it’s not too cynical to imagine a RTM (Robert Tappan Morris) style worm infection spreading hyper virally through the uber-connected social networks.

The best or worst part of the deal? The user unleashing this worm across their social network might have no idea of the havoc they’ve unleashed. That is, until they receive a torrent of angry wall posts and messages from their former friends. This scenario has played out frequently on Twitter recently as user’s profiles are targeted through phishing shortened urls.

Facebook users are particularly vulnerable to this form of attack as many may be fairly young, use Internet Explorer as a default browser, and fail to install security updates and operating system patches regularly. With Facebook currently testing its own url shortner, the potential for problems on the heal of its Scamville issues seems quite real. While the damage caused by malware distributed via Facebook messaging appears to be limited, having the problem escalate may result in the mass exodus of users as seen with MySpace a couple of years ago with its rampant bulletin spam.

More importantly, since one of the primary distribution centers for the recent flood of malware infections appears to originate via Facebook’s personal messaging and real time chat system, couldn’t the social network screen and whitelist or blacklist suspicious URLs, especially if multiple users are distributing the same URL?

The immediate fix for this is for the end user to practice security management policies when they come across a URL shortened link on a social network, even if it comes from a trusted party. Using a URL shortener preview tool like PrevURL at least gives an idea of the destination URL. The rule? If in doubt, don’t click.

About Andrew Wee

You can find Andrew Wee on Twitter @andrewwee

3 Responses to Boom in URL Shorteners Equals Boom in Malware and Spyware

  1. I never thought a short url or Twitter could infect my computer and harm my files… Hmm, now we should really consider anti-virus and anti-malware software tools.

    PrevURL? First time I hear about it; it's a great alternative to anti-malware I guess…

  2. Scott Parent says:

    Glad you broight this to light Andrew. The technology and the tactics are always changing, but the bait and the results are surprisingly similar – prey off of people's insecurities and reward them with spam or malware.

  3. […] Boom in URL Shorteners Equals Boom in Malware and Spyware, Andrew Wee reports that the use of shortened URLs on social networks is another way for phishing […]