Topic: Storm botnet now mostly use shortened URL's for Spaming

[Samker]

The tendency of spammers to use shortened URLs to evade detection has gone from last year's clever exploit to this year's mainstream tactic, MessageLabs has reported.

In the second quarter of 2009, emails using shortened URLs exceeded 1 in 200 emails only once, the company's July 2010 Intelligence report notes: http://www.messagelabs.com/intelligence.aspx

During the same period this year, its figures showed that this threshold had been breached on 43 days. On 10 of these days, the volume of shortened hyperlinks accounted for five percent of all the spam measured by the company.

The main recent culprit has been the Storm botnet, which spewed 11.8 percent of all the spam using the shortened URLs in the second quarter.

"As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited," said MessageLabs' analyst, Paul Wood. The growth of URL shortened spam was demonstration that the tactic was being favoured simply because, on average, it was more effective at beating reputation filtering.

As evidence of this, MessageLabs believes that one website is visited for every 74,000 spam emails containing a shortened URL. More popular services could raise this to one in 63,000 messages.

One analysis not mentioned by MessageLabs is which services are the most exploited. The list will include the best-known services but the number of URL shorteneing services has expanded greatly since 2009 on the back of the social media boom which so favours the format, so the spammers have had plenty of choice.

(PCW)