McAfee Labs

Short-URL Services May Hide Threats

By on Jul 25, 2013

In a recent post, AppAppeal ranked the most popular URL shorteners. The top five are TinyURL, Goo.gl, Bit.ly, Ow.ly, and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. That made me want to learn more about the malicious links that may be hidden behind these shortcuts.

For the top five, the following table and graphs show the number of malicious URLs McAfee Labs discovered in 2012 and the first half of 2013.

[Image: FP_BLOG_130725_0]

[Image: FP_BLOG_130725_1]

In addition to the most commonly used URL shortening services, there are many others. Browsing the Internet, I soon discovered hundreds more.

The most common top-level domains for URL shorteners are COM, ME, LY, US, IN, NET, TO, IT, CC, and GD. But two-thirds of these sites are unreachable or lead to web pages with advertising links indicating that the domain name is for sale. Some others explain that they had to close because of the number of malicious URLs they hosted and could not properly eliminate.

[Image: FP_BLOG_130725_2]

The final third is hard to examine. Some of these services require registration, but most are still directly usable. Here are the short-URL domains most targeted by malware in 2013, according to our research.

  • bit.ly
  • tinyurl.com
  • goo.gl
  • is.gd
  • adf.ly
  • y.ahoo.it
  • ow.ly
  • jmb.tw
  • 0845.com
  • tiny.cc

To protect Internet users, in 2010 McAfee introduced its own secure URL shortener using the mcaf.ee domain. This service was designed to give the web community peace of mind, knowing that any link referred to was secure, containing no malware and not pointing to a malicious site.

If you follow any mcaf.ee short URL, such as this one leading to the French CLUSIF association web page (hxxp://mcaf.ee/4yr1s), you will notice that a frame is added to the top of the destination page confirming its good ranking from SiteAdvisor. Here the check mark is green:

[Image: FP_BLOG_130725_3]

But if you are redirected to a malicious URL, you will be stopped before it is too late.

[Image: FP_BLOG_130725_4]

To create these short URLs, you can find add-ons at the Google Chrome Extension repository and at the Firefox add-on site. You may use these facilities knowing that McAfee will help keep you safe.

One Comment on “Short-URL Services May Hide Threats”

  • Please kindly fix the Reporting link within that frame or get it to return a positively reported result. Right now all it does is load the home page of the short url service with no mention that a report has actually been generated. I just tried to report /ah9mq which was advertised in a recent spam and I couldn’t tell if a report had been generated or not.

    It was also annoying that whoever used that short url just pointed it to yet another short service which is listed as green. Only thing that stopped the malware was a local copy of Avast.

    I do hope you folks will fix this major loophole.
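The case raised in the comment above, a short URL that points at a second shortener, becomes visible when each redirect hop is inspected instead of followed blindly. The sketch below is an added example, not McAfee code: the function names, the `SAMPLE` chain and its `EXAMPLE` links are constructed, and the domain set is simply the list from the article plus mcaf.ee.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Shortener domains named in the article (its 2013 list plus mcaf.ee).
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "is.gd", "adf.ly", "y.ahoo.it",
              "ow.ly", "jmb.tw", "0845.com", "tiny.cc", "mcaf.ee"}
REDIRECTS = (301, 302, 303, 307, 308)

def host(url):
    """Lower-cased hostname with any leading 'www.' removed."""
    name = (urlsplit(url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def http_location(url, timeout=5):
    """Live resolver: one HEAD request, never following the redirect itself."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if resp.status in REDIRECTS else None
    finally:
        conn.close()

def expand(url, fetch_location=http_location, max_hops=10):
    """Resolve a short URL hop by hop; return (chain, findings)."""
    chain, findings = [url], []
    for _ in range(max_hops):
        location = fetch_location(chain[-1])
        if location is None:                 # final page reached
            break
        nxt = urljoin(chain[-1], location)   # Location may be relative
        if nxt in chain:
            findings.append("redirect loop")
            break
        if host(chain[-1]) in SHORTENERS and host(nxt) in SHORTENERS:
            findings.append(f"chained shorteners: {host(chain[-1])} -> {host(nxt)}")
        chain.append(nxt)
    else:   # hop budget spent without seeing a final page: treat as unresolved
        findings.append("hop limit reached; destination unknown")
    return chain, findings

# Constructed sample chain (not real links): one shortener pointing at another.
SAMPLE = {"http://mcaf.ee/EXAMPLE1": "http://bit.ly/EXAMPLE2",
          "http://bit.ly/EXAMPLE2": "http://landing.example/offer"}

if __name__ == "__main__":
    chain, findings = expand("http://mcaf.ee/EXAMPLE1", SAMPLE.get)
    print("\n".join(chain), findings, sep="\n")
```

Every URL in the returned chain, not only the first hop, is what a reputation lookup should be run against.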
