Spam with shortened URLs accounts for 18 per cent of all spam sent

News by Dan Raywood

One website visit is generated for every 74,000 spam emails containing a shortened URL link.

One website visit is generated for every 74,000 spam emails containing a shortened URL link.

According to the Symantec MessageLabs Intelligence Report for July, the most frequently visited shortened links from spam received more than 63,000 website visits.

Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services, told SC Magazine that spammers are generally getting a return of a tenth of one per cent when it comes to a click through return rate.

He said: “The volume numbers make up for it though, as it is not just using their resources. There is no way to see how many people click on the links in a spam message, but you can with shortened URLs so it is interesting to see the information and see the statistics from this sample set.”

Elsewhere the report revealed a significant increase in the percentage of spam containing shortened hyperlinks over the last year. Spam containing shortened hyperlinks hit a one day peak of 18 per cent, or 23.4 billion spam emails on 30th April. This doubled last year's peak levels when spam with shortened hyperlinks accounted for 9.3 per cent of spam, more than 10 billion spam emails on 28th July.

Further analysis of spam containing shortened URLs revealed that the Storm botnet, which returned to the threat landscape in May this year, is responsible for the greatest volume of botnet spam containing short hyperlinks, when it accounted for 11.8 per cent of all spam containing shortened hyperlinks. A large proportion of short URL spam in this quarter also originates from other sources, including unidentified botnets.

Wood said: “As far as spammers are concerned, any tactics that make it harder to block their spam emails are going to be exploited. When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam based on the reputation of the domains found in the spam emails.

“While botnets are often the source of short URL spam, 28 per cent of this type of spam originated from sources not linked to a known botnet such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools.”

David Jevans, CEO at Ironkey, said: “Cyber criminals are trying to find ways to infect companies and email is being used to send spam and 90 per cent of it is phishing. Shortened URLs are not blocked so you have to check more closely. The spam messages are all automated and the websites that offer this service does not use a CAPTCHA so it is a lot harder to monitor. These all end up being used on Twitter, we want an internet that is trusted.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews