TinyURL entices the malevolent

Sarah Perez:

TinyURL, one of the most popular URL-shortening services (although not our favorite) is now being used by cybercriminals to redirect web surfers to pages that contain viruses, trojans, and other sorts of malware. According to Finjan’s Malicious Code Research Center, these criminals are using the service to avoid having their web sites flagged by the Safe Browsing mechanisms built in to modern web browsers like Mozilla Firefox and Google Chrome.

Of course, even if the sites were otherwise safe from infectious files, the URL shortening services can still be used to obscure phishing attempts – people don’t pay much attention to URLs they click on as it is, let alone what winds up in the address bar. Further, I look at the safe browsing services as a crutch for prudent internet use – much as anti-virus software is only as good as the definitions within, the same goes ‘safe browsing’. A few warning messages later people think every site without one is safe. But they don’t call them ‘drive-bys’ for nothing.

I don’t click on shortened URLs from anyone I haven’t shaken hands with, or doesn’t have a lot to lose in terms of the interwebs popularity contest if they slip up. And that goes for links in emails, websites, and on services like Twitter.


Nobody should ever think they are smarter than the underground hacker types. In fact, I think part of the reason open source browsers wind up less vulnerable is that the folks working on the projects show a little reverence.