The social media revolution has created a new market for URL shortening services such as tinyurl.com and bit.ly.  These services take a URL such as http://www.thesecuritysamurai.com/2011/06/23/the-corporate-security-halftime-report-corporations-0-hackers-over-9000-by-rory-smith-soc-analyst/ and create a redirect at tinyurl.com/<random string of characters>, for example tinyurl.com/6b3bktp.  This is particularly useful when linking to articles or media with long URLs such as the example above, because of the well known character limits on social media sites such as Twitter.

Disguising a URL behind a redirect in this way has created a perfect storm for ill-intentioned hackers.  Old school phishing scams used the "click here" trick to make users think they were clicking a legitimate link to a trusted site.  Hovering over the "click here" text reveals, in the browser's status bar, that the user is actually being sent to http://malicious_link.tz.

With URL shortening, the hover trick no longer helps: the status bar shows only the shortener's address, so the link must actually be clicked (or the redirect resolved separately) before the user can learn its destination.  For an example, click here.  As one can see, there is no way to know the actual destination of such a link without either navigating to it or resolving the redirect yourself.  This is a perfect method for hackers to hide infected sites from unsuspecting users.

To avoid these scenarios, it is good practice to never, ever click on a hyperlink without knowing its actual destination.  URL shortening services add a layer of anonymity that greatly increases the risk of infection.  If using these services is unavoidable, it is important to have up to date endpoint protection and, ideally, an intrusion detection service between the endpoint and the Internet.  It is also useful to keep handy sites like knowurl.com, which show the user the "expanded" URL behind a shortened one.  Two caveats apply: an expander only reveals the next hop, so a link that has been shortened twice, or whose destination redirects again, still needs to be checked hop by hop; and the expanded destination should be judged on its own merits, since a hostname that looks harmless can still serve malicious content.
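The expansion that sites like knowurl.com perform can also be done locally, without handing the link to a third party and without ever loading the destination. The script below is an added example written for this post; it is not code from the original article or from any of the shortening or expansion services named here. It issues a HEAD request per hop, reads the Location header itself instead of letting an HTTP library follow it, and stops on loops or over-long chains. The `fetch` parameter is injectable so the chain can be checked offline; the hypothetical shortener `example-shortener.invalid` and the redirect table `FAKE_RESPONSES` are constructed for the demonstration and only the tinyurl.com/6b3bktp mapping comes from the post itself.

```python
"""Expand a shortened URL hop by hop without following any redirect automatically.

Added example, not part of the original post. The real fetcher uses one HEAD
request per hop; `FAKE_RESPONSES` is a constructed redirect table so the
logic can be exercised offline.
"""
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = (301, 302, 303, 307, 308)
MAX_HOPS = 10  # refuse absurdly long chains instead of chasing them

def head(url, timeout=5):
    """Issue a single HEAD request and return (status, Location header or None).

    Redirects are reported, never followed, so the caller sees every hop.
    """
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path, headers={"User-Agent": "url-expander-example/1.0"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head, max_hops=MAX_HOPS):
    """Return the list of URLs visited, from the shortened link to the final target.

    Raises RuntimeError on a redirect loop or when more than max_hops hops occur.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain  # reached something that is not a redirect
        nxt = urljoin(chain[-1], location)  # Location may be relative to the current hop
        if nxt in seen:
            raise RuntimeError("redirect loop at %s" % nxt)
        seen.add(nxt)
        chain.append(nxt)
    raise RuntimeError("more than %d redirects starting from %s" % (max_hops, url))

def final_host(url, fetch=head):
    """Hostname the user would actually land on, which is what to judge before clicking."""
    return urlsplit(expand(url, fetch=fetch)[-1]).hostname

# Constructed offline redirect table. The first entry is the mapping the post
# describes; example-shortener.invalid and its paths are hypothetical.
LONG_URL = ("http://www.thesecuritysamurai.com/2011/06/23/"
            "the-corporate-security-halftime-report-corporations-0-hackers-over-9000-"
            "by-rory-smith-soc-analyst/")

FAKE_RESPONSES = {
    "http://tinyurl.com/6b3bktp": (301, LONG_URL),
    LONG_URL: (200, None),
    # a link shortened twice, with one relative Location header in the middle
    "http://example-shortener.invalid/a1": (302, "/hop2"),
    "http://example-shortener.invalid/hop2": (301, "http://tinyurl.com/6b3bktp"),
    # two short links that point at each other
    "http://example-shortener.invalid/loop1": (302, "http://example-shortener.invalid/loop2"),
    "http://example-shortener.invalid/loop2": (302, "http://example-shortener.invalid/loop1"),
}

def fake_head(url):
    """Offline stand-in for head(): look the URL up in the constructed table."""
    return FAKE_RESPONSES.get(url, (404, None))

if __name__ == "__main__":
    for start in ("http://tinyurl.com/6b3bktp",
                  "http://example-shortener.invalid/a1",
                  "http://example-shortener.invalid/loop1"):
        try:
            print(" -> ".join(expand(start, fetch=fake_head)))
        except RuntimeError as err:
            print("%s: refused (%s)" % (start, err))
```

Run it as-is to see the constructed chains, or call `expand("http://tinyurl.com/...")` with the default fetcher against a live link. Because only HEAD requests are sent and no body is ever fetched or rendered, the destination is identified without being loaded. Two limitations are worth knowing: a shortener that answers HEAD with 405 or that redirects via JavaScript or a meta refresh will show up as the end of the chain rather than being resolved, and the final hostname is only the starting point for a judgement, not proof that the page is safe.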
