DOI: 10.1145/2488388.2488463
research-article

Two years of short URLs internet measurement: security threats and countermeasures

Published: 13 May 2013

Abstract

URL shortening services have become extremely popular. However, it is still unclear whether they are an effective and reliable tool that can be leveraged to hide malicious URLs, and to what extent these abuses can impact the end users. With these questions in mind, we first analyzed existing countermeasures adopted by popular shortening services. Surprisingly, we found such countermeasures to be ineffective and trivial to bypass. This first measurement motivated us to proceed further with a large-scale collection of the HTTP interactions that originate when web users access live pages that contain short URLs. To this end, we monitored 622 distinct URL shortening services between March 2010 and April 2012, and collected 24,953,881 distinct short URLs. With this large dataset, we studied the abuse of short URLs. Although short URLs are a significant, new security risk, in accordance with the reports resulting from the observation of the overall phishing and spamming activity, we found that only a relatively small fraction of users ever encountered malicious short URLs. Interestingly, during the second year of measurement, we noticed an increased percentage of short URLs being abused for drive-by download campaigns and a decreased percentage of short URLs being abused for spam campaigns. In addition to these security-related findings, our unique monitoring infrastructure and large dataset allowed us to complement previous research on short URLs and analyze these web services from the user's perspective.



Published In

WWW '13: Proceedings of the 22nd international conference on World Wide Web
May 2013
1628 pages
ISBN: 9781450320351
DOI: 10.1145/2488388

Sponsors

• NICBR: Nucleo de Informacao e Coordenacao do Ponto BR
• CGIBR: Comite Gestor da Internet no Brazil

Publisher

Association for Computing Machinery
New York, NY, United States


Author Tags

1. crowdsourcing
2. measurement
3. security
4. short urls

Qualifiers

• Research-article

Conference

WWW '13: 22nd International World Wide Web Conference
Sponsors: NICBR, CGIBR
May 13 - 17, 2013
Rio de Janeiro, Brazil

Acceptance Rates

WWW '13 Paper Acceptance Rate: 125 of 831 submissions, 15%
Overall Acceptance Rate: 1,899 of 8,196 submissions, 23%
