Wednesday, October 26, 2011

Spammers using shortened URL links to trick anti-spam measures: Symantec

          October Intelligence report discovers premium rate SMS dialer targeting users in Eastern Europe. Computer security company Symantec has revealed that for the first time, spammers have established a genuine URL shortening service that is publically available and will generate real shortened links.

          In the results of the October 2011 Symantec Intelligence Report. The company said that during 2010, 92% of spam emails contained URLs and the use of shortened links makes it harder for traditional anti-spam countermeasures to block the messages based on fingerprinting the URL. Legitimate services are much quicker to respond to abuse, and spammers are preying on the knowledge that many people are familiar with shortened links through their use in social media, and have developed a false sense of security about them, said Symantec.

          Symantec.cloud senior intelligence analyst Paul Wood said spammers are using a free, open source URL shortening scripts to operate the sites. Wood explained, "After creating many shortened URLs with their own service, the spammers then send spam including these URLs. These particular spammers use subjects designed to attract attention, like 'It's a long time since I saw you last!', 'It's a good thing you came' and so on. This is a common social engineering tactic, and is designed to arouse curiosity, particularly if they have a false sense of security around the safety of shortened links"

          Wood also said that spammers could be setting up their own URL shortening sites since legitimate URL shortening sites have slightly improved their detection of spam and other malicious URLs. "It's not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers' part, or perhaps an attempt to make the site seem more legitimate," Wood said.

          During October, Symantec Intelligence also discovered a premium rate SMS dialer targeting users in Eastern Europe. The dialer app attempts to pass itself off as a legitimate application by imitating the brand of a popular VoIP/messaging application. "Premium SMS dialers have started appearing on the mobile threat landscape more often, especially in Eastern Europe. It is no surprise that the authors responsible for using this lucrative revenue source appear to be evolving their tactics and moving to newer platforms," Wood said. The report also said that the UK had the highest ratio of malicious emails in October, with one in 146.4 emails identified as malicious.

0 comments:

Post a Comment