Spammers Create Their Own URL Shortening Services

According to this report from Symantec’s MessageLabs, spammers have become more sophisticated in their use of URL misdirection. It works like this:

First, spammers set up a new domain that they intend to use for their evil purposes, but let it lie dormant for a few months. This avoids detection by services that look for recently created domains.

Next, the spammers put their malware on one of these domains, and then use another domain to create a shortened link to the original malware URL. Finally, this link is redirected once more through a legitimate URL shortening service, so an unsuspecting mark who receives an email with this legitimate shortened URL clicks on it without realizing that it leads to a malware site.


Symantec has found a series of interconnected sites, all using Russian .ru domain names, and hosted in Russia and Ukraine. Some of the chains stretch across ten different sites. “These sites don’t have public interfaces, are not found in search results and do not appear on any micro-blogging services. Therefore, they are unlikely to be private URL-shortening services created by some organizations (who prefer to use their own, rather than rely on external sites),” states the report.

As you can imagine, this means that URL shortening services that want to stay ahead of this game have more work to do to cleanse their systems.

Hilary Mason, a scientist at Bit.ly, says:

“Spam is indeed pernicious. Bitly is aware of the potential abuses of short URLs and we’re proactive in protecting our users from malicious content. We have a three-pronged approach for dealing with malicious content. First, we use publicly available blacklists like Google SafeBrowse and OpenDNS’s PhishTank. Second, we work closely with our partners to stop abuse as soon as it’s detected. Finally, we developed a proprietary classification infrastructure that learns what malicious content looks like and detects such content within seconds of it entering our system. Our classifiers will follow the intermediary redirectors and identify any link that eventually resolves to malicious content. As the spammers develop new techniques we adjust our systems to compensate. This ensures that you are safer clicking on a bitly link than on any random link.”
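
The defensive check described in the quote above, following intermediary redirectors and testing every hop rather than only the first link, can be sketched as follows. This is an added example, not Bitly's code or part of the original article; the redirect map, hostnames, blocklist and hop limit are constructed assumptions that stand in for live HTTP redirect responses and a real blacklist feed.

```python
from urllib.parse import urlsplit

# Constructed sample data: a redirect map standing in for HTTP 301/302
# Location headers, so the example runs offline. All hosts are placeholders.
REDIRECTS = {
    "http://short.example/abc": "http://hop1.example/x1",
    "http://hop1.example/x1": "http://hop2.example/x2",
    "http://hop2.example/x2": "http://payload.example/landing",
    "http://short.example/ok": "http://news.example/story",
    "http://short.example/loop": "http://hop3.example/a",
    "http://hop3.example/a": "http://short.example/loop",
}
BLOCKLIST = {"payload.example"}  # constructed stand-in for a blacklist feed
MAX_HOPS = 15  # assumption: above the ten-site chains the report describes


def resolve_chain(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Follow redirects hop by hop; return (chain, reason_stopped)."""
    chain, seen = [url], {url}
    while chain[-1] in redirects:
        if len(chain) > max_hops:
            return chain, "too_many_hops"
        nxt = redirects[chain[-1]]
        if nxt in seen:  # redirect loop: stop instead of spinning forever
            return chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain, "final"


def classify(url, blocklist=BLOCKLIST, **kw):
    """Check every host in the chain against the blocklist."""
    chain, reason = resolve_chain(url, **kw)
    hosts = [urlsplit(u).hostname for u in chain]
    if any(h in blocklist for h in hosts):
        verdict = "block"
    elif reason != "final":
        verdict = "review"  # unresolved chain: destination cannot be vouched for
    else:
        verdict = "allow"
    return {"verdict": verdict, "hops": len(chain) - 1,
            "hosts": hosts, "reason": reason}
```

A chain that cannot be resolved to a final destination is sent for review rather than allowed, since the filter has not seen where the link ends up.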
