Over the past two months, MessageLabs Intelligence has been tracking the rise of URL-shortening services appearing in spam emails. With so many of these legitimate services available on the internet, many are being routinely abused by spammers, so much so that many have been forced to close, leaving users with indignant messages explaining why, for example in Figure 1 and Figure 2, below.
Figure 1 - URL shortening website abused by spammers
Figure 2 - URL shortening website temporarily closed due to spam abuse
Spam runs containing many new shortened-URLs continued through July and August, with a peak of activity on 26 July at 9.25% of all spam, equivalent to more than 10 billion spam messages per day worldwide. This can be seen in Figure 3.
In this particular spam run, the focus was pharmaceutical and again, the Donbot botnet, one of the largest botnets currently in operation, was perceived to be responsible.
Example subjects included the following:
Phentermine 37.5 Overnighted to your door
President Obama announced that he's providing affordable meds to people with no health care - Get meds now.
Purchase Meds Online
Obama has OK'd Online Sale of Meds
Zoloft For You
Online Dr. Notes
Obama wants to help YOU get the meds you NEED to be healthy and feel good, get them NOW.
Save 80% on Meds
Obama Opens Online Pharmacy