Short-URL Services May Hide Threats

In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts.

For the top five, the following table and graphs show the number of malicious URLs McAfee Labs discovered in 2012 and the first half of 2013.

FP_BLOG_130725_0

 

 

 

 

FP_BLOG_130725_1

 

In addition to the most commonly used URL shortening services, there are many others. Browsing the Internet, I soon discovered hundreds more.

The most common top-level domains for URL shorteners are COM, ME, LY, US, IN, NET, TO, IT, CC, and GD. But two-thirds of these sites are unreachable or lead you to web pages with advertising links indicating the domain name is for sale. Some others explain they had to close due to the amount of malicious URLs they hosted without being able to properly eliminate them.

FP_BLOG_130725_2

 

The final third is hard to examine. Some of them require registration to use the services, but most are still directly usable. Here are the URLs most targeted by malware in 2013, according to our research.

  • bit.ly
  • tinyurl.com
  • goo.gl
  • is.gd
  • adf.ly
  • y.ahoo.it
  • ow.ly
  • jmb.tw
  • 0845.com
  • tiny.cc

 

To protect Internet users, in 2010 McAfee introduced its own secure URL  shortener using the mcaf.ee domain. This service was designed to provide the web community with piece of mind knowing that any link referred to was secure, containing no malware and not pointing to a malicious site.

If you follow any mcaf.ee short URL, such as this one leading to the French CLUSIF association web page (hxxp://mcaf.ee/4yr1s), you will notice that a frame is added to the top of the destination page confirming its good ranking from Site Advisor. Here the check mark is green:

FP_BLOG_130725_3

But if you are redirected to a malicious URL, you will be stopped before it is too late.

FP_BLOG_130725_4

To create these short URLs, you can find add-ons at the Google Chrome Extension repository and at the Firefox add-on site. You may use these facilities knowing that McAfee will help keep you safe.