Large scale malware attack using URL shortening services
We've seen spammers abusing URL shortening services on a huge scale for quite some time, which was also reported in-depth as part of the May 2011 MessageLabs Intelligence Report [http://www.symanteccloud.com/mlireport/MLI_2011_05_May_FINAL-en.pdf]. The explosion in popularity of micro-blogging services and social networking status updates has seen a huge increase in the number of URL shortening sites. The simple and semi-anonymous nature of these sites allow spammers to easily create thousands of links which they then include in their spam in an attempt to evade URL-based spam blocking.
Recently we saw a large malware attack using URL shortening services.
The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was cancelled, recipients were encouraged to click on a link supposedly pointing to a PDF file, but actually pointing to a shortened URL. This shortened URL then redirects to a site with several drive-by
We saw hundreds of unique shortened URLs being used to link to this malware, and expect to see malware authors using this technique in future.