Short URL services are problematic, and they are becoming even more so in combination with IP location technologies.
From twitter.com earlier today:

If you look closely, you’ll notice it’s one spambot, @olasher, replying to another spambot, @MorabsShimb3554. Lame, right?
Well, the @olasher account was too obvious; Twitter suspended it within hours of its creation. The @MorabsShimb3554 account is more subtle, however, and attempts to fly under the radar (successfully so far) by asking the reader to “copy & paste” the ow.ly link.
The ow.ly short link directs through maxbounty.com, and from Finland, redirects to http://fi.toluna.com/Register.aspx, but with an affiliate ID attached, which is how the spammer hopes to make money.
There’s no good way of telling just how many sites the ow.ly link opens; it depends entirely on the user’s point of origin (IP address) and the number of MaxBounty commissions.
Twitter has a very nice tool tip feature that attempts to help by expanding short URLs, but it too suffers from being USA-centric. The links displayed are based on twitter.com’s home IP address. It works great for legitimate links, but not always so well for spammy and/or malicious links, because results vary according to location.
And sometimes Twitter can’t expand to the end point for some other reason.
Let’s look at the link that was being pushed by @olasher:

It pointed to adf.ly, another short URL service, one which attempts to monetize short URLs with an advertisement that the viewer needs to click past.

From a Finnish-based IP address, the adf.ly URL will open to legitimate sites such as Groupon’s citydeal.fi. Again, with an affiliate ID attached. There could be many dozens of variations within Europe alone.

Once you click to skip the ad, you’ll be directed to amazon.com.

And yes, there’s another affiliate ID on the iPad 2 page as well.
All of the links used in this example are rather harmless. Unfortunately, short URL services with IP location technologies and benign affiliate ID spam are just the tip of the iceberg. More malicious links are on the horizon.
So what can be done?
Feature suggestion to bit.ly et al. – disallow URLs that point to other short URL services; there’s no real legitimate reason for them.
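One way a shortener could enforce this at submission time, and flag nesting in a recorded redirect chain, as an added example (not F-Secure's or any service's code). The domain list, function names and sample chain are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Illustrative list: the three services named in the post plus two other
# well-known shorteners. A production list would be far longer.
SHORTENER_DOMAINS = {"bit.ly", "ow.ly", "adf.ly", "t.co", "tinyurl.com"}

# Constructed redirect chain (placeholder paths and affiliate ID).
SAMPLE_CHAIN = [
    "http://ow.ly/EXAMPLE",
    "http://adf.ly/EXAMPLE",
    "http://www.example.com/landing?aff=000",
]


def normalized_host(url: str) -> str:
    """Lowercase hostname of url; tolerates a missing scheme."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    host = urlsplit(url).hostname or ""  # .hostname drops userinfo and port
    return host.rstrip(".").lower()  # "ADF.LY." names the same host as "adf.ly"


def is_shortener(url: str) -> bool:
    """True if the host is a listed shortener or a subdomain of one."""
    host = normalized_host(url)
    return any(host == d or host.endswith("." + d) for d in SHORTENER_DOMAINS)


def accept_target(url: str) -> bool:
    """Submission-time check: refuse to shorten a link to another shortener."""
    return not is_shortener(url)


def chained_hops(chain: list[str]) -> list[str]:
    """Shortener hops after the first entry of a recorded redirect chain.

    The first entry is the short link itself; a later shortener hop means the
    link was nested through a second service.
    """
    return [u for u in chain[1:] if is_shortener(u)]


if __name__ == "__main__":
    print(accept_target("http://fi.toluna.com/Register.aspx"))
    print(accept_target("HTTP://user@ADF.LY.:80/x"))
    print(chained_hops(SAMPLE_CHAIN))
```

Matching on the parsed hostname rather than on a substring keeps look-alikes such as `adf.ly.example.com` from being treated as the shortener itself.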
Short URLs are useful; please make them less so for spammers and scareware vendors.
Posted on 18 April 2011. Tags: adf.ly, amazon.com, IP, iPad, Scareware, Short URL, Spam, Spammers, Twitter
The above information is reprinted from and copyrighted © by F-Secure Antivirus Research Weblog.