Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Intelligence

Shortened-URL spam runs continue

Created: 15 Sep 2009
Daren Lewis's picture
0 0 Votes
Login to vote

Over the past two months, MessageLabs Intelligence has been tracking the rise of URL-shortening services appearing in spam emails. With so many of these legitimate services available on the internet, many are being routinely abused by spammers, so much so that many have been forced to close, leaving users with indignant messages explaining why, for example in Figure 1 and Figure 2, below.

005_01_sample.jpg
Figure 1 - URL shortening website abused by spammers

005_02_sample.jpg
Figure 2 - URL shortening website temporarily closed due to spam abuse

Spam runs containing many new shortened-URLs continued through July and August, with a peak of activity on 26 July at 9.25% of all spam, equivalent  to more than 10 billion spam messages per day worldwide. This can be seen in Figure 3.

In this particular spam run, the focus was pharmaceutical and again, the Donbot botnet, one of the largest botnets currently in operation, was perceived to be responsible. 

Example subjects included the following:

Phentermine 37.5 Overnighted to your door
President Obama announced that he's providing affordable meds to people with no health care - Get meds now.
Purchase Meds Online
Obama has OK'd Online Sale of Meds
Zoloft For You
Online Dr. Notes
Obama wants to help YOU get the meds you NEED to be healthy and feel good, get them NOW.
Save 80% on Meds
Obama Opens Online Pharmacy

005_03_shorturl.gif
Read the entire report or listen to the podcast.