Be Wary of Short URLs

Monday, October 1, 2012 @ 12:10 PM gHale


URL shorteners like TinyURLs and Bit.ly can sometimes lead viewers to sites that could be a malicious web site, new research said.

“Certainly the URL shortening services don’t intend to point people to malicious websites,” said Web of Trust Chief Executive, Markus Suomi, “but perhaps they can do more to proactively protect their services from being exploited.”

RELATED STORIES
Profiting off Android Attacks
Malware Continues to Rise
Malware Bypasses Defenses with Ease
Malware Disguised as Security Software

In an analysis of 1.7 billion shortened URLs, Web of Trust researchers found 8.7 percent of TinyURLs and 5 percent of Bit.ly can lead to malicious sites.

The companies responsible for URL shortening services should be able to limit their malicious use by automatically screening for compromise websites and warning users if the sites they are attempting to access are suspicious, Suomi said.

In addition to these findings, Web of Trust measured the overall trustworthiness of various top level domains. They determined that 2.5 percent of sites within the .com TLD rate poorly in terms of trustworthiness and 3.6 percent rate poorly on child protection. In the .info TLD, 10.7 percent of sites rated poorly, 9.6 percent received poor ratings in the .net TLD, and 9.5 percent of .biz domains rated poorly.

Web of Trust said countries’ TLDs through which link shortening services route traffic have loose regulations and return suspicious ratings for as many as 90% of the websites under their top level domains. The most suspicious TLDs, according to Web of Trust are the Acension Island’s .ac domain, in which 91 percent of sites rate poorly, Montserrat’s .ms, with 46 percent of its sites rated poorly, and Puerto Rico’s .pr, where 46 percent received poor ratings.

The analysis came from data from TinyURL (from its inception in 2002 until December 2011) and Bit.ly (from its founding in 2008 to December 2011).

Web of Trust is a Finnish company that runs a community-powered safe-surfing tool. Click here for more information on the report.



Leave a Reply

You must be logged in to post a comment.