Security Corner

Nov 30 2010   6:49PM GMT

Shortened URLs Can Hide Malicious Sites

Ken Harthun

There’s no question that URL shortening services like tinyurl.com and bit.ly are useful. After all, it’s a lot easier for me to send “http://tinyurl.com/23gycsl” than it is to send “http://www.subscriberstronghold.com/freetraining/theanswersexposed.php?hop=jvrodger”, not to mention that it takes up less space. Using shortened links is not only convenient, it’s essential if you’re using micro-blogging services such as Twitter. But there is one big disadvantage to them: you don’t know where such a link is taking you. The destination could be a malicious site that hosts malware just waiting for you to arrive and get infected. How do you resolve that?

Almost all of the popular URL shortening services have some means of previewing the link before you actually visit it. TinyURL, for example, allows you to prepend “preview.” to the host name, so the link I showed you above can be previewed by changing it to “http://preview.tinyurl.com/23gycsl”. That will take you to the TinyURL preview page, where you see this message: “This TinyURL redirects to: http://www.subscriberstronghold.com/freetraining/theanswersexposed.php?hop=jvrodger”.

Google’s URL shortener, goo.gl, allows you to add a “+” at the end of the link to preview it. Here’s a link to my other site: http://goo.gl/WXylu. Change that to “http://goo.gl/WXylu+” and you’ll see not only the long link, but statistics of how many times your shortened link has been visited.

You can also use any of the following services to get a long version of the short URL: Longurl, ExpandMyURL.com, or Long URL Please.com. You simply copy and paste the short URL and the service expands it for you.

Joshua Long, a computer security researcher from Southern California, has put together an excellent guide on his blog that takes into account how to use the preview features of all of the major URL shorteners.

So, before you blindly click on any shortened link that you’re not sure about, use one of the available preview methods to check its destination.
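The two preview rules above can be scripted, as an added example that is not part of the original post. It also goes one step beyond the preview pages: `next_hop` asks the shortening service itself where a link redirects, using a single HEAD request that is not followed, so the destination site is never contacted. The function names are hypothetical, and the sketch assumes the shortener answers HEAD with an HTTP redirect and a Location header.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def preview_url(short_url):
    """Return the preview form the post describes, or None for other hosts."""
    parts = urlsplit(short_url)
    host = (parts.hostname or "").lower()
    if host == "tinyurl.com":
        # TinyURL: put "preview." in front of the host name.
        return f"{parts.scheme}://preview.tinyurl.com{parts.path}"
    if host == "goo.gl":
        # goo.gl: append "+" to the short link.
        return short_url + "+"
    return None

def next_hop(short_url, timeout=5):
    """Ask the shortener where the link points without following it.

    Sends one HEAD request to the shortening service only and returns the
    absolute URL from its Location header, or None if it did not redirect.
    """
    parts = urlsplit(short_url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout)
    elif parts.scheme == "http":
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    else:
        raise ValueError("only http and https links are supported")
    try:
        target = parts.path or "/"
        if parts.query:
            target += "?" + parts.query
        conn.request("HEAD", target)
        response = conn.getresponse()
        location = response.getheader("Location")
        if response.status in REDIRECT_CODES and location:
            # A relative Location is resolved against the short link itself.
            return urljoin(short_url, location)
        return None
    finally:
        conn.close()

if __name__ == "__main__":
    link = "http://tinyurl.com/23gycsl"  # short link quoted in the post
    print("preview page:", preview_url(link))
    print("redirects to:", next_hop(link))  # needs network access
```

A `None` result from `next_hop` means the service did not answer with an HTTP redirect, so fall back to its preview page rather than opening the link.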
