Spammers operating public, spam-friendly URL-shortening services, warns Symantec

Spammers have set up their own public URL shortening services for concealing spam sites and making them harder to block.

Warwick AshfordWarwick Ashford is chief reporter at Computer Weekly. He joined the CW team in June 2007 and is focused on IT security, business continuity, IT law and issues relating to regulation, compliance and governance. Before joining CW, he spent four years working in various roles including technology editor for ITWeb, an IT news publisher based in Johannesburg, South Africa. In addition to news and feature writing for ITWeb’s print publications, he was involved in liaising with sponsors of specialist news areas on the ITWeb site and developing new sponsorship opportunities. He came to IT journalism after three years as a course developer and technical writer for an IT training organisation and eight years working in radio news as a writer and presenter at the South African Broadcasting Corporation (SABC).

View all articles by Warwick Ashford >>

[email protected] 020 8652 8505 

Spammers have set up their own public URL shortening services for concealing spam sites and making them harder to block, taking such techniques to a new level, warns IT security firm Symantec.

For the first time, spammers have established a URL shortening service that is publicly available and will generate real shortened links, according to the October Symantec Intelligence Report.

The report says a spam gang has been operating at least 80 URL shortening sites using the .info top-level domain. However, unlike URL shortening sites uncovered earlier this year, these sites are effectively public URL shortening sites, open to anyone to use.

"Spammers are using a free, open source URL shortening scripts to operate these sites," said Paul Wood, senior intelligence analyst at

After creating shortened URLs with their own service, the spammers then send spam including these URLs and using subject lines designed to attract attention, such as, "It's a long time since I saw you last!".

"This is a common social engineering tactic, and is designed to arouse curiosity, particularly if they have a false sense of security around the safety of shortened links," said Wood.

The new tactic is thought to be in response to the fact that legitimate URL shortening sites are improving their ability to detect spam and other malicious URLs.

"It's not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers' part, or perhaps an attempt to make the site seem more legitimate," said Wood.

During October, the spam level in the UK was 74.8%, while the country became the most targeted region for phishing, with one in 178.3 e-mails identified as such. The UK climbed to the top of the table with the highest ratio of malicious e-mails, with one in 146.4 e-mails identified as such.

Read more on IT news in your industry sector