Post by kas on Dec 4, 2010 4:37:25 GMT -5
Be wary of any Shortened webpage link
Scammers use URL shorteners just like bloggers do ... to shorten a URL. However, they do it for different reasons. Whereas bloggers do it simply to shorten the link, and forum users use it in their signatures due to character limits, spammers do it to trick users into following the link without questioning it, and so that browser security tools such as WOT or McAfee SiteAdvisor do not alert them, because there is no danger in the URL shortening service but there is in where the link will redirect you to.
The redirection happens as quick as a flash and will not be noticed by the caller.
For example, a spammer wants you to visit virusinfestedporn.ru but uses a URL shortener service such as tinyurl or juniurl or cli.gs or budurl.com or bit.ly or is.gd or goo.gl or traceurl.com or whatever numerous ones are out there currently! So you see the URL .. and just like any tweet or Facebook message out there that you see that is shortened .. it is nothing new, so you don't question it and follow the link out of curiosity. But you don't expect where it is taking you and wish you had never followed that link!
Maybe one day URL shorteners / redirectors will have something in place to investigate every single URL someone shortens, but for the time being it is up to us to educate each other and implement browser plug-ins (if you use Firefox) such as "Long Url Please".
Bit.ly is different though when it comes to security!
There is one I came across. Bit.ly actually does have warnings! Check this out: bit.ly/cgBT8e brings you to this warnings page:
bit.ly/a/warning?url=http%3a%2f%2f5z8.info%2fcockdock.gif_z7g9w_openme.exe&hash=cgBT8e instead of directly to 5z8.info/cockdock.gif_z7g9w_openme.exe
(this link http://f5z8.info/cockdock.gif_z7g9w_openme.exe actually was created by a security person to give an example so it is made to look bad but actually is another redirect to safeweb.norton.com/ and is safe)
Also Bit.ly tells us on their blog (blog.bit.ly/post/263859706/spam-and-malware-protection) about a Firefox plugin that will preview the link to let you know where you are actually going:
addons.mozilla.org/en-US/firefox/addon/10297/
And if you add a + at the end of any bit.ly url you will get more info on where it will take you.
There is also a write-up about URL shorteners / redirectors here:
"How to Avoid Being Caught by Bad Tiny URLs"
www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/
Quote from it:
What is the issue, why is it a problem, and what can we do about it?
Website address shortening services came about because sometimes the page you are visiting can have a URL that is extremely long. If you want to send this web address to a friend over email, internet instant messaging, cell phone SMS text messaging, internet relay chat, or more recently, via a Twitter tweet, these addresses could be so long they either break when the person receiving your link tries to click it, or be so long they are rejected by the service altogether.
So rather than send the exact address that you find in the address bar of your web browser, instead you would copy and paste the address into a URL shortening service that would in turn create a shorter URL for you to use.
When someone then clicks the shorter URL they are “redirected” from the service through to your intended destination.
Sounds good so far, right?
The problem is, when someone sees one of these short URLs, instead of seeing where they will be taken, they see an entirely different address. We cannot tell anything from the URL we are given about the nature of where we will be taken.
A safe but annoying example would be for us to be sent a “Rick-Roll”, that is we are given a link that purports to be some breaking news or cool site, only to be taken to the famous Rick Astley YouTube video instead. Ha ha. Got me there.
Rather than safe but annoying, more and more malicious and inappropriate content is being shared this way, spread via spam, trolls, phishing emails, and now Twitter.
You might be sent a message saying “Get a free iPod Touch!!!!”, but when you click the link it takes you to a malware site, or something that you would not want your family or boss to see.
To continue reading the rest go to www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/
Other links:
Why did url shorteners come about in the first place?
www.blogherald.com/2009/07/17/beware-of-those-shortened-urls/?isalt=0
Someone complains about Facebook cracking down on short URLs.
wdawe.com/index.php/careful-when-using-url-shorteners-with-facebook?blog=1#c394
A list of many out there:
www.toprankblog.com/2009/01/11-best-url-shortening-services-vote-your-favorite/
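Added example (not part of kas's post): a hop-by-hop expander that records where a short link leads without loading any destination, recognises the bit.ly warning-page URL format quoted above, and flags hops ending in an executable extension. The hop table, its status codes and every function name are constructed for illustration; a live fetcher would send HEAD requests with redirect-following disabled.

```python
from urllib.parse import urlsplit, parse_qs, urljoin

# Constructed stand-in for live responses: url -> (status, Location header).
SAMPLE_HOPS = {
    "http://bit.ly/cgBT8e": (301, "http://bit.ly/a/warning?url=http%3a%2f%2f5z8.info"
                                  "%2fcockdock.gif_z7g9w_openme.exe&hash=cgBT8e"),
    "http://5z8.info/cockdock.gif_z7g9w_openme.exe": (302, "http://safeweb.norton.com/"),
    "http://safeweb.norton.com/": (200, None),
}

def sample_fetch(url):
    """Hypothetical fetcher backed by the constructed table above."""
    return SAMPLE_HOPS.get(url, (200, None))

def unwrap_warning(url):
    """Return the destination carried in a warning URL's url= parameter, else None."""
    parts = urlsplit(url)
    if parts.path == "/a/warning":
        dest = parse_qs(parts.query).get("url")  # parse_qs percent-decodes the value
        return dest[0] if dest else None
    return None

def expand(url, fetch=sample_fetch, max_hops=10):
    """Walk a redirect chain one hop at a time; return (chain, warned)."""
    chain, warned = [url], False
    for _ in range(max_hops):  # hop limit guards against endless chains
        inner = unwrap_warning(chain[-1])
        if inner:
            warned, nxt = True, inner  # shortener flagged this link
        else:
            status, location = fetch(chain[-1])
            if status not in (301, 302, 303, 307, 308) or not location:
                break  # final destination reached
            nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:  # redirect loop
            break
        chain.append(nxt)
    return chain, warned

RISKY_EXT = (".exe", ".scr", ".bat", ".pif")

def risky_hops(chain):
    """Hops whose path ends in an executable extension, whatever the name pretends to be."""
    return [u for u in chain if urlsplit(u).path.lower().endswith(RISKY_EXT)]

if __name__ == "__main__":
    hops, flagged = expand("http://bit.ly/cgBT8e")
    print("warned by shortener:", flagged)
    for hop in hops:
        print("  ->", hop)
    print("risky:", risky_hops(hops))
```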