Spammers have created a publicly available URL shortening service designed to block traditional anti-spam counter-measures, with Symantec warning social media users to be especially vigilant.
According to the October 2011 Symantec Intelligence Report, the service allows spammers to generate real shortened links, which are harder for traditional anti-spam counter-measures to detect, and to target people who have become familiar with their use through social media.
The services allow spammers to better conceal their spam sites and make them harder to block. This month’s report shows a spam gang with more than 80 URL shortening sites in operation using the .info top-level domain.
Symantec.cloud senior intelligence analyst Paul Wood said spammers are using free, open source, URL shortening scripts to operate these sites, then sending spam including these URLs.
“These particular spammers use subjects designed to attract attention, like ‘It’s a long time since I saw you last!’, ‘It’s a good thing you came’ and so on. This is a common social engineering tactic, and is designed to arouse curiosity.”
He says spammers setting up their own sites may be a reaction to legitimate URL shortening sites improving their detection of spam and other malicious URLs, although it is not clear why the sites are public.
Symantec Intelligence also discovered this month that a premium SMS dialer has been in use, targeting users in Eastern Europe. The dialer attempts to pass itself off as legitimate by imitating the brand of a popular messaging application.
“Premium SMS dialers have started appearing on the mobile threat landscape more often, especially in Eastern Europe. It is no surprise that the authors responsible for using this lucrative revenue source appear to be evolving their tactics and moving to newer platforms.”
Despite the new sites, the global ratio of spam in email traffic this month declined slightly by 0.6 percentage points when compared with last month.