04 April 2012

The Hidden Dangers of Short URLs

Services such as bit.ly and tinyurl, which shorten long website addresses, have grown rapidly in popularity over the past few years, spurred on dramatically by the rise of Twitter and other social media sites.
Short URLs are now so common that most users will click on http://bit.ly/ugh or http://tinyurl.com/1c2 just as quickly as http://www.google.com.  Since it is not readily apparent where any of these less conventional URLs will send the user, they should all be viewed with some degree of skepticism. 
Any of the short URLs could point to a website serving spyware or other malware just as easily as they could point to Google.  Fortunately, users don’t have to “roll the dice” and click the link to determine whether a link shortened by bit.ly or tinyurl is safe. 
Both bit.ly and tinyurl provide mechanisms for expanding and validating links.  To expand and view statistics for URLs shortened with bit.ly, simply add a '+' to the end of the URL as in:  http://bit.ly/ugh+.  To do the same for URLs shortened with tinyurl, just add the word ‘preview’ at the beginning of the link, as in:  http://preview.tinyurl.com/1c2.
On a related topic, most users would probably grow suspicious if presented with URLs such as http://0x4a.0x7d.0x41.0x63 or http://1249722723 because these URLs “look malicious”—or at least unconventional. 
Both of these URLs are perfectly valid (and safe) and demonstrate the use of two different obfuscation techniques. Both of these techniques are commonly used by malware authors to obscure the destination IP addresses of command and control nodes associated with their software.  Additionally, URL obfuscation techniques can sometimes be used to bypass security controls such as web proxy servers or, when combined with cleverly formatted HTML, to trick users into visiting malicious websites in much the same manner as URLs shortened by bit.ly or tinyurl.

So, bottom line, think (and verify!) before you click!