Symantec's MessageLabs has linked the Storm botnet to a spam campaign relying on shortened URLs. According to Symantec, Storm returned to the security threat landscape in May and now accounts for nearly 12 percent of all spam containing shortened URLs.
Spammers are increasingly turning to shortened URLs to beat spam filters,
and an old foe is at the center of it.
According to Symantec's July 2010 MessageLabs Intelligence report,
spam with shortened hyperlinks reached a peak of 18 percent on April
30, translating to 23.4 billion spam e-mails. An analysis of the spam campaign
has linked some of it to the notorious Storm botnet, which first appeared in
2006 before declining in 2008. The botnet reemerged in May, and now accounts
for 11.8 percent of all the spam containing shortened hyperlinks circulating
"While botnets are often the source
of short URL spam,
28 percent of this type of spam originated from sources
not linked to a known botnet such as unidentified spam-sending botnets or
non-botnet sources such as Webmail accounts created using CAPTCHA-breaking
tools," Paul Wood, MessageLabs Intelligence senior analyst for Symantec
Hosted Services, said in a statement.
The peak of 18 percent in 2010 is more than double last year's high
point of 9.3 percent recorded July 28, 2009. In the second quarter
of 2009, there was only a single day when shortened hyperlinks appeared in more
than 1 in 200 spam messages, Symantec reported. In the second quarter of 2010,
however, there were 43 days when that happened.
Security pros have repeatedly warned users to be wary about shortened
URLs in e-mails and on social networks because they are sometimes used to
trick people into visiting malicious sites. That wariness should not
necessarily transform into panic, as an analysis by Zscaler of shortened
URLs in Twitter's public timeline
revealed they were far less likely to
lead to malicious sites than search results on Google.
Still, for spammers pushing pharmaceuticals and other goods, using shortened
URLs in e-mails can be relatively effective. According to the
report, researchers found an average of one Website visit for every
74,000 spam e-mails with the shortened URLs. The most frequently visited
shortened links from spam received more than 63,000 Website visits.
When it comes to spam, the name of the game is dodging filters, and any
tactic that can make it harder to block e-mail messages is going to be
adopted by the spammers out there, Wood said.
"When spammers include a shortened URL in spam messages, these
shortened hyperlinks contain reputable and legitimate domains, making it harder
for traditional anti-spam filters to identify the messages as spam based on the
reputation of the domains found in the spam e-mails," he said.