Spammers have been using shortened URLs for some time, and anyone who frequents Twitter will have seen the pornography industry using them. However, Symantec’s Nick Johnston reports on a worrying trend: using them to hide malware delivered through so-called drive-by attacks. He reports on one exploit.
The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was cancelled, recipients were encouraged to click on a link supposedly pointing to a PDF file, but actually pointing to a shortened URL. This shortened URL then redirects to a site with several drive-by exploits.
A drive-by attack is one that exploits security flaws in browsers and causes them to download and execute malicious code simply by visiting a page. It does not require a user to click on anything or download files. In the example cited, the page exploited holes in PDF documents, Java and the Windows Help Center. Expect more of this, warns Symantec.
We saw hundreds of unique shortened URLs being used to link to this malware, and expect to see malware authors using this technique in future.
There are browser plug-ins for Firefox and Chrome that will expand shortened URLs so you can see the destination site before clicking on the link. It is expected that