Spammers have been exploiting anonymous URL shortening services for a while now but according to a post on Symantec’s MessageLabs Intelligence Blog, some have been using the technique as part of a large malware attack.
Using five different URL shortening websites, the attackers sent mangled links to users under the guise of a bank transfer service. Claiming a transfer has been canceled; the attackers try to get the victim to click a link to open a PDF file that’ll describe why. In reality the link goes on to connect them to a site serving up drive-by exploits.
URL shorteners have been used frequently as of late in attack vectors as spammers can use the anonymity to their advantage. In January, spammers sent fake e-mails claiming to have come from the IRS with shortened URLs, tricking some recipients into getting infected with the Zeus botnet.
Read more on this over at MessageLabs Intelligence.