The growing use of shortened URLs on Web 2.0 sites like Twitter, combined with the increased adoption of Web 2.0 sites by businesses have caught the attention of cybercriminals who have discovered that shortened URLs are a perfect way to get an unsuspecting user to click on a spam or malicious link. By shortening a URL, the true identity of the URL is masked to the user. Additionally, short URLs are shared so commonly among friends on sites like Twitter, social networking sites and blogs that people don’t hesitate to click on them. Without Web 2.0 content security that understands in real time where the link is directing the user and what type of content is on that page, malicious shortened URLs will continue to plague both businesses and consumers. All Websense Web security customers are protected from being directed to malicious or inapporpriate Web content by clicking on shortened URLs.
Even if you are not a Websense Web security customer, there are some precautions you can take to protect yourself from clicking on malicious short URLs. Here is a list of some of the most popular URL shortening services and tips for how to preview the Web site that the short URL is directing you to before you click on that link:
3.ly -- Preview any Threely URL by adding a '-' to it. For example: http://3.ly/gl-
Shorturl -- If you want to make a ShortURL show a preview before it redirects to the long URL, you can prepend " preview." to the URL. For example: http://preview.shorturl.com/fx9
Tinyurl -- There are two different ways on Tinyurl; the first is a cookie you can install that will bring you directly to the Tinyurl site where you can see the full URL before visiting that site. The second way is to add "preview." to the beginning of the short URL. For example: http://preview.tinyurl.com/m9dr9b
bit.ly - For Firefox browser users, there are several URL preview add-ons that allows users to view more information about a link before clicking on it
If you are a Twitter user, similar preview features are offered by Tweetdeck (they have a writeup of how it works here).
To learn more, watch our presentation on SlideShare > (opens in a new window)
Additional facts:
-- Use of URL shortening services like TinyURL, Snipurl, Bit.ly and Cligs is exploding due to the growing popularity of Twitter, blogs, social networking sites and other Web 2.0 sites that allow user-generated content and where users often share links with their friends, business associates and followers
-- In June 2009, hackers were able to exploit a flaw in the Cligs’ URL editing software, allowing them to hijack 2.2 million Cligs links
-- In May 2009, Websense Security Labs alerted that “Koobface,” malware, which has plagued social networking sites like Facebook, MySpace and Hi5, was spread among friend networks through the use of TinyURLs and other links
-- Taking advantage of the convenience of these services, business use of shortened URLs is growing rapidly -- most shortened URL providers now offer free analytics that enable organizations to track important data such as the number of people that have clicked on the links, where they are located and more
-- Shortened URL service providers are reporting massive growth. According to media reports, Bit.ly is used to create 5 million to 7 million shortened URLs each day, and Snipurl has delivered 53 billion since its inception
-- Despite the risks, organizations are continuing to adopt Web 2.0 for the many benefits it can provide. In fact, a recent Websense survey of 1,300 IT managers worldwide called Web 2.0 @ Work (www.websense.com/web2.0atwork) found that 95 percent of respondents currently allow employee access to some Web 2.0 sites and applications and 62 percent of IT managers believe that Web 2.0 is necessary to their business.
-- This same survey also showed that these same IT managers around the world were far less protected for the unique threats of Web 2.0 than they believe they were.
English (US)