Spam Spotted Using TinyURL - Security Fix

Spam Spotted Using TinyURL

A co-worker yesterday forwarded to me a piece of junk e-mail he'd received that used a clever yet simple method for not only getting around spam filters, but also obfuscating the destination Web site.

The hyperlink to the spam site was made with TinyURL, a free Web redirection service that has long helped people shrink overly long Internet addresses into ... well, tiny ones. I've used it countless times in the past to forward links to friends in e-mail or documents when for some reason the link is so long that a line break renders it unusable.

I've expected to see TinyURL links used in spam for some time, but this is the first actual e-mail I've looked at that contains one. Since many e-mail and instant message worms depend on people clicking on links, TinyURL would be a great way to spread malware as well.

As you might expect, using TinyURL to send either spam or malware is strictly against the company's terms-of-use policy, and it seems to enforce those rules pretty vigorously. I was happy to see that when I clicked on the link in a test system this morning, TinyURL had disabled it, leaving the following message:

"The TinyURL (mmv9a) you visited was used by its creator in violation of our terms of use. TinyURL has a strict no abuse policy and we apologize for the intrusion this user has caused you. Such violations of our terms of use include:
* Spam - Unsolicited Bulk E-mail
* Fraud or Money Making scams
* Malware
* or any other use that is illegal."

Hooray for TinyURL. Keep up the good work, and thank you for a very useful service.

By Brian Krebs |  June 13, 2006; 9:54 AM ET  | Category:  Latest Warnings
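
To show what a mail filter sees with the technique described in the post, the following added example (not part of the original post, and not TinyURL's code) lists the links in a message that point at a redirection service and reads the real destination from a captured redirect response. The host list, the sample message, the link id and the response are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a locally maintained list; only the two services named on this page.
REDIRECTOR_HOSTS = {"tinyurl.com", "makeashorterlink.com"}
# Constructed sample message and redirect response (placeholder link id and hosts).
SAMPLE_MESSAGE = (
    "From: sender@example.com\r\nSubject: constructed sample\r\n"
    "MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    '<p><a href="http://tinyurl.com/example1">Click here</a> or '
    '<a href="http://www.example.org/news">read this</a>.</p>\r\n'
)
SAMPLE_RESPONSE = ("HTTP/1.1 301 Moved Permanently\r\n"
                   "Location: http://spam-site.example/offer\r\n\r\n")

class _HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _host(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def redirector_links(raw_message):
    """Return hrefs in the HTML body whose host is a known redirection service."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _HrefCollector()
    collector.feed(body.get_content())
    return [h for h in collector.hrefs if _host(h) in REDIRECTOR_HOSTS]

def redirect_target(raw_response):
    """Read Location from a captured 3xx response; the link itself is never fetched."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].startswith("3"):
        return None
    return email.message_from_string(header_block)["Location"]
```

The message itself only ever contains the redirector's host; the destination a filter would want to score appears only in the `Location` header of the redirect.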

Comments


Brian,

So, when I use TinyURL the website isn't introducing spam so that when someone clicks on the link they get spammed, right? Is your point that malicious senders can use TinyURL to hide their infected links more effectively? I'm just trying to understand whether it is safe for me to continue using TinyURL.

Thanks

Posted by: Carrie | June 13, 2006 11:56 AM

Carrie, yes, it is safe to use TinyURL. No one is injecting anything into other TinyURLs. The point of the post was just to note that someone was abusing this very helpful service to send spam, and that during the time the tiny spam URL is active it is likely to be quite effective.

Posted by: Bk | June 13, 2006 12:04 PM

Nice to see a company so on top of things. If we could only get all the ISPs out there to be as responsive in shutting down spam and phishing sites we'd have a much nicer internet.

Posted by: Qian Wang | June 13, 2006 12:43 PM

I am not surprised to see this one bit. Hats off to the TinyURL crew for being proactive.

Also, 2600 magazine recently just ran an article on a hack they discovered using TinyURL to transfer files. FYI..

Posted by: DOUGman | June 13, 2006 12:45 PM

I would say the alternative site, makeashorterlink.com, is marginally better than tinyurl.com as it has an intermediate step which gives the user a peek at the full web address before redirecting. They then have about 10 seconds to cancel the request if the complete link looks suspicious.

Posted by: alan | June 13, 2006 08:55 PM

That's not new, actually. I've seen it for almost 2 years. URLs obfuscated by TinyURL followed by subsequent URL encodings are even worse.

Posted by: Ronaldo C Vasconcellos | June 14, 2006 05:42 AM

Does anyone know if there are security issues involved in using TinyURL for secure sites that require usernames and passwords? I tested it and it works, I just wonder if it opens up any vulnerabilities. Thanks!

Posted by: Roger | August 25, 2006 08:10 AM

© 2006 The Washington Post Company