Analysis Shows Some URL Shorteners Often Point to Untrusted Websites

ID THREATPOST:347B1C8415AD550D27D84872A0192624
Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:03:22


In an analysis of 1.7 billion shortened URLs, researchers at Web of Trust found that 8.7 percent of TinyURLs and five percent of URLs lead to sites that received poor ratings for ‘trustworthiness’ and ‘child protection.’

“Certainly the URL shortening services don’t intend to point people to malicious websites,” said Web of trust CEO, Markus Suomi, “but perhaps they can do more to proactively protect their services from being exploited.”

Suomi explains that the companies responsible for URL shortening services should be able to limit their malicious use by automatically screening for compromise websites and warning users if the sites they are attempting to access are suspicious.

In addition to these findings, Web of Trust measured the overall trustworthiness of various top level domains. They determined that 2.5 percent of sites within the .com TLD are rated poorly in terms of trustworthiness and 3.6 percent were rated poorly on child protection. In the .info TLD, 10.7 percent of sites were rated poorly, 9.6 percent received poor ratings in the .net TLD, and 9.5 percent of .biz domains were poorly rated.

Web of Trust goes on to point out that many countries’ TLDs through which link shortening services route traffic are loosely regulated and return suspicious ratings for as many as 90% of the websites under their top level domains. The most suspicious TLDs, according to Web of Trust are the Acension Island’s .ac domain, in which 91 percent of sites are poorly rated, Montserrat’s .ms, with 46 percent of its sites rated poorly, and Puerto Rico’s .pr, where 46 percent received poor ratings.

The analysis was based upon data from TinyURL (from its inception in 2002 until December 2011) and (from its founding in 2008 to December 2011).

Web of Trust is a Finnish company that runs a community-powered safe-surfing tool. The site ratings are partially crowd-sourced by Web of Trust’s 45.5 million users. People who download Web of Trust’s browser plugin can rate the trustworthiness of the sites they visit based on their own experience. In addition to this, the ratings are also partially based on ‘information from selected technical data services.’

You can view Web of Trust’s analysis here.