The Latest in IT Security

Short-URL Services May Hide Threats


In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL,,, and Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts.

For the top five, the following table and graphs show the number of malicious URLs McAfee Labs discovered in 2012 and the first half of 2013.



In addition to the most commonly used URL shortening services, there are many others. Browsing the Internet, I soon discovered hundreds more.

The most common top-level domains for URL shorteners are COM, ME, LY, US, IN, NET, TO, IT, CC, and GD. But two-thirds of these sites are unreachable or lead you to web pages with advertising links indicating the domain name is for sale. Some others explain they had to close due to the amount of malicious URLs they hosted without being able to properly eliminate them.


The final third is hard to examine. Some of them require registration to use the services, but most are still directly usable. Here are the URLs most targeted by malware in 2013, according to our research.


To protect Internet users, in 2010 McAfee introduced its own secure URL  shortener using the domain. This service was designed to provide the web community with piece of mind knowing that any link referred to was secure, containing no malware and not pointing to a malicious site.

If you follow any short URL, such as this one leading to the French CLUSIF association web page (hxxp://, you will notice that a frame is added to the top of the destination page confirming its good ranking from Site Advisor. Here the check mark is green:


But if you are redirected to a malicious URL, you will be stopped before it is too late.


To create these short URLs, you can find add-ons at the Google Chrome Extension repository and at the Firefox add-on site. You may use these facilities knowing that McAfee will help keep you safe.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments