Network News

X My Profile
View More Activity to scour shortened links for badness

Scammers and spammers soon will have a tougher time masking links to their malicious Web sites using, one of the more popular link-shortening services out there: The company said this week it is teaming with three security firms to warn users when a shortened link looks like it leads to badness.

Criminals increasingly are abusing URL-shortening services to disguise the true destination of both phishing Web sites and those that host malicious software. Some of the most prolific and automated of these attacks take place on social media sites like Facebook and Twitter, networks that are far less useful and fun if users can't feel relatively comfortable clicking links.

In response, will by the end of the year be working with Sophos, Verisign and Websense to scrub some 40 million shortened links each day for those linking to malware, spam and phishing Web sites, the company said this week.


When an Internet user stumbles upon a link shortened with that the company's service thinks is malicious, that person will be redirected to a page warning of the threat (see screen shot above). Andrew Cohen,'s general manager, said the company chose this approach over blocking or deleting malicious links for transparency and usability reasons.

"We wouldn't want to block you from shortening a page on the Web because then the service could seem to be broken," Cohen said. "If you input a URL and nothing happens, you'll just think is broken and wouldn't necessarily know we're saving you from going to the bad site." is but one of dozens of URL-shortening services out there today. It will be interesting to see whether the other big name services respond with similar partnerships.

Back in June, Security Fix featured a tutorial on a variety of tools and services available to make it easier for Web users to unshrink shortened links.

By Brian Krebs  |  December 3, 2009; 3:20 PM ET
Categories:  Safety Tips  | Tags:, url shorteners  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: DC businessman loses thousands after clicking on wrong e-mail
Next: Apple issues security updates for Mac OS X

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company