MX Lab, http://www.mxlab.eu, is noticing an increase in the usage of URL shorteners like bit.ly and others. This technique is being used to avoid detecting of the URL by intent analysing techniques.
Some examples of the latest spam campaign for replica watches:
Vervollständigen Sie Ihre Garderobe mit Markennamen Luxus-Accessoires
Kommen Sie in unser One-Stop-Shopping-Erlebnis wunderbar, nur einen Klick entfernt.
Obtenez le Tag Heuer SLR Mercedes regarder ici
Obtenez tous vos besoins de luxe sous un même toit, et à 60% de réduction!
Email not displaying correctly? View in your browser.
Great prices on all watch brands http://redir.ec/39qj
Our web-store of Watch-lones welcomes you!
We have copies of famous chronometer brands for more than affordable prices!
Respect and style will be easier to get!
If you wish to unsubscribe from our mailing list, click here
Assurez-il se passer maintenant avec les prix réelle et exacte des produits de luxe à la recherche.
The URLs in this spam campaign lead to the web site Ultimate Replica
We have seen the usage of URL shorteners emerge at the end of 2010 so it seems that this technique is becoming more popular among spammers. Each spam message has a different shortened URL, sometimes even processed by different URL shortening services.
While in the first campaigns we noticed some popular URL shorteners like bit.ly being used, the trend is now that other less known URL shortening services are being used. In some cases, the URL shorteners also do not even have a way to report abuses through their web site and I think that the spammers are aware of this.
In the past, we have submitted some shortened URLs to the abuse department of bit.ly for example and we could notice that the URLs where disabled quite fast.
Most of the URL shorteners also have an API available. The API makes it even more easier to integrate an URL shortener service into a botnet or spam campaign. For example, the URL shortener wa.la has a very simple PHP API:
With a single line, the URL is shortened and usable in a spam campaign. In this case, no account has to be created so the creation of the URL is also anonymous.
Some URL shorteners also have the ability to gather some statistics about the usage of the shortened URL. Spammers can measure certain aspects of the spam campaign they manage.
In the past, MX Lab warned about URL shorteners and the possible threats you may encounter with them. One major disadvantage is that you are no longer to see the full URL before you click on it with certain URL shortening services. The URL shorteners that spammers use do not have a preview mode like for example bit.ly. So, the recipient will only see the full URL when following the shortened URL.
At this time it is a spam campaign for replica watches, one day it can be a malicious payload, designed to infect your computer.
MX Lab was already pro-actively scanning emails for shortened URLs since a few weeks when we noticed the first campaigns with shortened URLs. When a shortened URL is detected we take this into account when we determine wether the message is spam or not.