URL shortening services replace long URLs with shorter ones and subsequently redirect all requests for the shortened URL to the original long URL. In this paper we discuss and empirically analyze security and privacy risks caused by the use of URL shortening services. We empirically determine the most popular URL shortening services currently used on Twitter and analyze these with respect to malicious behavior, user tracking, ease of enumeration, and leakage of URLs to search engines. Also, we introduce a new attack scenario to enable SSL-only circumvention using SSLStrip and shortened URLs. Finally, we empirically analyze the use of URL shortening services in more than 7 million spam emails collected over the past seven years and determine the spam detection performance for the most popular services found.
[1]
Marc Najork,et al.
A large‐scale study of the evolution of Web pages
,
2003,
WWW '03.
[2]
R. Dellavalle,et al.
Going, Going, Gone: Lost Internet References
,
2003,
Science.
[3]
Gunther Eysenbach,et al.
Going, Going, Still There: Using the WebCite Service to Permanently Archive Cited Web Pages
,
2005,
AMIA.
[4]
Minaxi Gupta,et al.
Behind Phishing: An Examination of Phisher Modi Operandi
,
2008,
LEET.
[5]
Vern Paxson,et al.
@spam: the underground on 140 characters or less
,
2010,
CCS '10.
[6]
USENIX Workshop on Large-Scale Exploits and Emergent Threats ( LEET ’ 10 )
,
2010
.