URL Shortening Services Used in Large Malware Attack

Spammers have been exploiting anonymous URL shortening services for a while now but according to a post on Symantec’s MessageLabs Intelligence Blog, some have been using the technique as part of a large malware attack.

Spammers have been exploiting anonymous URL shortening services for a while now but according to a post on Symantec’s MessageLabs Intelligence Blog, some have been using the technique as part of a large malware attack.

Using five different URL shortening websites, the attackers sent mangled links to users under the guise of a bank transfer service. Claiming a transfer has been canceled; the attackers try to get the victim to click a link to open a PDF file that’ll describe why. In reality the link goes on to connect them to a site serving up drive-by exploits.

URL shorteners have been used frequently as of late in attack vectors as spammers can use the anonymity to their advantage. In January, spammers sent fake e-mails claiming to have come from the IRS with shortened URLs, tricking some recipients into getting infected with the Zeus botnet.

Read more on this over at MessageLabs Intelligence.

Suggested articles

Discussion

  • Paul on

    Interesting story!

  • used laptops on

    This idea has also sorts of potential. Users are free to do what they want on the host OS, including installing their own applications and data.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.