According to new information from researchers at Symantec, a group of spammers have created a group of 87 spam-friendly, public URL shortening services and are actively using them to circumvent spam filters on popular sites. Using URL shortening scripts that are free and open source, the spammers are churning spam through the service and the public is also free to create links through the URL shorteners, perhaps an attempt to pass off the links as legitimate. All the URL shorteners are using the .info domain and are being operated through contacts in Moscow as well as a hosting company in the United Kingdom.
The links have primarily been appearing in emails with the header titles “It’s a long time since I saw you last!” and “It’s a good thing you came!”. Once the shortened link is clicked, the user is whisked off to a site like “”Pharmacy Express” that promotes the sale of pharmaceutical products. This new tactic by the group of spammers is likely a response to vast improvements in spam detection from popular URL shortening sites. In the month of October, approximately 0.5 percent of all spam emails used legitimate URL shorteners to hide links with spikes of two to three percent on specific days during the month.
Also included in the report from Symantec, approximately 74 percent of email sent in October 2011 was spam. One out of every 343 emails were identified as phishing attempts and one out of every 235 emails contained some form of malware. Over 3,000 sites were blocked each day by Symantec, but that’s approximately a four percent decrease compared to September 2011. The United States contained the largest number of spammers in the world at about 34 percent of all spammers. Pharmaceutical spam was at the top of the list for the most common type of spam with casino and gambling emails in second and jewelry spam in third.