In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts.
For the top five, the following table and graphs show the number of malicious URLs McAfee Labs discovered in 2012 and the first half of 2013.
In addition to the most commonly used URL shortening services, there are many others. Browsing the Internet, I soon discovered hundreds more.
The most common top-level domains for URL shorteners are COM, ME, LY, US, IN, NET, TO, IT, CC, and GD. But two-thirds of these sites are unreachable or lead you to web pages with advertising links indicating the domain name is for sale. Some others explain they had to close due to the amount of malicious URLs they hosted without being able to properly eliminate them.
The final third is hard to examine. Some of them require registration to use the services, but most are still directly usable. Here are the URLs most targeted by malware in 2013, according to our research.
To protect Internet users, in 2010 McAfee introduced its own secure URL shortener using the mcaf.ee domain. This service was designed to provide the web community with piece of mind knowing that any link referred to was secure, containing no malware and not pointing to a malicious site.
If you follow any mcaf.ee short URL, such as this one leading to the French CLUSIF association web page (hxxp://mcaf.ee/4yr1s), you will notice that a frame is added to the top of the destination page confirming its good ranking from Site Advisor. Here the check mark is green:
But if you are redirected to a malicious URL, you will be stopped before it is too late.