Twitter's t.co URL shortener used to spread spam

Spammers are using Twitter's URL shortener to direct web users to bootleg pharmacy websites

Twitter’s URL shortener, t.co, is reportedly being used by spammers to trick web users into clicking on dubious links.

URL shorteners such as bit.ly, goo.gl, and t.co have long been used by spammers, because they provide an unlimited source of URLs which can be used in emails to disguise the final landing page.

The major companies providing this service all have anti-abuse filters in place to attempt to control this sort of malicious activity. But some are doing better than others, according to security firm Cloudmark.

Using a sample of 1,200 t.co links reported to Cloudmark's Global Threat Network as spam between July 22 and July 29, the company found that only 7 per cent were legitimate uses of a URL shortener.

The majority of the URLs redirected users to one of two bootleg pharmacy websites – Pharmacy Express and Online Pharmacy.

Although these are two distinct brands, the techniques used in their spam advertising are identical, leading Cloudmark to conclude that this could be the work of a single spammer.

Cloudmark's Andrew Conway suggested in a blog post that the spammer had avoided Twitter’s anti-abuse filters by using an intermediate layer of redirection.

"The t.co link redirects to a URL on a compromised domain, and that in turn uses a REFRESH meta tag to redirect to the spam landing page," he said. "This dual layer of redirection seems to be fooling Twitter."
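Defenders can detect this dual-layer scheme by resolving a link all the way through both HTTP redirects and HTML meta refresh tags, rather than stopping at the first hop. The Python example below is added here and is not code from Cloudmark or Twitter; it runs offline against a constructed in-memory stand-in for the three hops, and the domain names and the `fetch` callback signature are assumptions.

```python
import re
from urllib.parse import urljoin

# Matches <meta http-equiv="refresh" content="N; url=...">. Assumes the
# content attribute follows http-equiv; quoting and case vary, so match loosely.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']?\s*\d+\s*;\s*url\s*=\s*["\']?([^"\'>\s]+)',
    re.IGNORECASE,
)

def meta_refresh_target(html, base_url):
    """Return the absolute URL a meta refresh tag points at, or None."""
    m = META_REFRESH.search(html)
    return urljoin(base_url, m.group(1)) if m else None

def resolve_chain(url, fetch, max_hops=10):
    """Follow HTTP 3xx redirects *and* meta refresh redirects; return every hop.

    `fetch(url)` is assumed to return (status, headers, body) with lowercase
    header names. Stops on a loop, a dead end, or after max_hops.
    """
    chain, seen = [url], {url}
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        if 300 <= status < 400 and "location" in headers:
            nxt = urljoin(url, headers["location"])   # first layer: HTTP redirect
        else:
            nxt = meta_refresh_target(body, url)       # second layer: meta refresh
        if nxt is None or nxt in seen:
            return chain
        chain.append(nxt)
        seen.add(nxt)
        url = nxt
    return chain

# Constructed, offline stand-in for the network: short link -> compromised
# site carrying a meta refresh -> final landing page (all names are made up).
FAKE_WEB = {
    "https://t.co/abc123": (301, {"location": "http://compromised.example/p.html"}, ""),
    "http://compromised.example/p.html": (200, {},
        '<html><head><meta http-equiv="Refresh" content="0; URL=http://landing.example/shop">'
        '</head></html>'),
    "http://landing.example/shop": (200, {}, "<html><body>landing</body></html>"),
}

def fake_fetch(url):
    return FAKE_WEB.get(url, (404, {}, ""))

def final_landing_page(url, fetch=fake_fetch):
    """The URL a reputation check should actually be run against."""
    return resolve_chain(url, fetch)[-1]
```

A real deployment would swap `fake_fetch` for an HTTP client that does not auto-follow redirects, so every hop is visible to the filter.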

Conway added that, while Twitter does a good job of controlling spam on its own social network, it could do more to protect users.

"In order to be responsible members of the Internet community they need to do an equally good job of preventing the abuse of their system to facilitate other forms of spam," he said.

Twitter did not respond to a request for comment.