Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Links on your Facebook Wall - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Links on your Facebook Wall

We received an email from a reader today about a link on his wife's Facebook wall.  The link indicated that a friend had tagged her.  When he tried to remove the post from her wall it would not allow removal.  He reported it as spam.   Apparently a friend of hers clicked on the link and got infected.  The link point to bitlyDOTcom and have random file names.  Let this serve as a reminder to everyone not to click on links until you have checked out the source. As for Bitly - I would use extreme caution with any links identified as source bitlyDOTcom.  This is a website redirector that allows the link to be shortened, shared and tracked. Even if you don't get malicious programs installed, do you really want to be tracked????

Thanks to our reader Paul for the email reminder and information.

Deb Hale

Deborah

278 Posts
ISC Handler
I recommend installing the Xpnd.it! add-on for Firefox to help avoid this kind of trap. When enabled, it will look up and display the original URL that corresponds to shortened URLs from a number of such services. It can be installed from the Mozilla add-on repository.
No Love.

37 Posts
I disagree with your recommendation against Bitly - it seems unfounded. First, you seem to be going off an assumption that other URL shortening services don't track their visitors (I'll take bets that this isn't so, especially with, say goo.gl). Secondly, Bitly provides a number of measures directed at combating malware (they offer browser plugins that will show you where the shortened URL is pointing (or you can see it by appending "+" to the end of any of their shortened links), plus they utilize SURBL and Google Safe Browsing databases for link filtering), which cannot be said about other URL shortening services. If anything, you should be recommending not using them all, which is a more educated but unfeasible recommendation. p.s. I am in no way shape or form associated with Bitly, I just like their service and do my homework before voicing my opinions online.
oleksiy

34 Posts
I can agree with No,
Why should I trust bit.ly or any other shortening service? The fact that they use SURBL or any other tool is never a reason to trust anyone hiding URL's.
Shorteners can be great tools for twitter and facebook pilots on small devices. But I will not expose my company and my family to them.
Thanks for the reminder, I have added all shorteners to my blocking list.
Anonymous
Shortened URLs are no different than any other link. You should only click on links from trusted sources, and even then you need to follow security best practices to avoid getting infected. If you aren't careful you will be infected soon enough regardless of what you click. In any case, Deb, you should get in touch with the other handlers regarding your concerns because this diary frequently has bitDOTly links... e.g. storyid 10108 if you don't believe me.
Anonymous
Also, if you think avoiding shortened URLs helps prevent you from being tracked on the web, you are mistaken. It *might* help you from being tracked by one particular entity, but it's highly unlikely since any competent tracking company will be collecting info from multiple sources... cookies, web beacons, shortened URLs, trojans/spyware, phone taps, GPS and RFID sensors implanted under your skin, and so on.
Anonymous
No Love: The addon xpnd.it says it is only compatible up to version 4.0*. However, it will work if you install the Addon Compatibilty Reporter extension. I'm running FF 6.0b and it works as intended.
Anonymous
NoScript addon for Firefox needs to be mentioned. Blocking the
scripting that allows these malware sites to install by just visiting
them. Protects in other ways, too.
Anonymous
The potential usage tracking aspect of *any* third-party URI shortener concerns me. Even if a service offers an API/browser plugin to allow URLs to be 'de-obfuscated', that would still allow at least as much data (if not more) to be collected. Nobody ought to know what sites I visit, except for the site that I actually visit.

I don't see the fascination with short URIs anyway, except as a workaround for the dumb requirement of Twitter to put URIs inside of a text string. For other purposes, typing 8-16 alphanumeric characters on a mobile device is still going to be fiddly and impossible to memorise, and much easier methods exist for sharing a URI of any length, such as 2D barcodes, or shared clipboard software between networked (Bluetooth, WLAN) devices.
Steven C.

171 Posts
In my opinion, apart from the "nicety" of having a short URL to remember, they are bad and evil.

Unless you use a "revealer" like the Xpnd.it one, then you haven't got a clue what you are clicking on.

Also general lay people wouldn't know what they are clicking on even if they did know the real address they were going to. But then that's a whole different story.
Steven C.
11 Posts

Sign Up for Free or Log In to start participating in the conversation!